Zdravím, poprosil bych o kontrolu, díky.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Jirka at 2010-07-30 19:34:59
Microsoft Windows 7 Ultimate Service Pack 3
System drive C: has 7 GB (14%) free of 53 GB
Total RAM: 4095 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:38:25, on 30.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
D:\Program Files\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
D:\Program Files\DAEMON Tools\DTLite.exe
D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\AsScrPro.exe
D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Jirka\Desktop\RSIT.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\Jirka.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Služba Plánovač2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9993 bytes
======Scheduled tasks folder======
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\Windows 7 Manager Live Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-06-19 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools\DTLite.exe [2010-04-01 357696]
"SmartRAM"=D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe [2010-07-02 198864]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0x00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\FlashGet\FlashGet3.exe"="D:\Program Files\FlashGet\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}]
shell\AutoRun\command - E:\LaunchU3.exe -a
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-07-30 19:35:05 ----D---- C:\Program Files (x86)\trend micro
2010-07-30 19:34:59 ----D---- C:\rsit
2010-07-25 17:53:06 ----D---- C:\ProgramData\ESET
2010-07-22 00:17:34 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2010-07-17 21:53:05 ----D---- C:\Program Files (x86)\QuickTime
2010-07-13 12:20:53 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2010-07-13 00:38:02 ----D---- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-07-13 00:26:59 ----A---- C:\Windows\SysWOW64\OpenCL.dll
2010-07-13 00:26:59 ----A---- C:\Windows\SysWOW64\nvwgf2um.dll
2010-07-13 00:26:57 ----A---- C:\Windows\SysWOW64\nvoglv32.dll
2010-07-13 00:26:57 ----A---- C:\Windows\SysWOW64\nvdecodemft.dll
2010-07-13 00:26:53 ----A---- C:\Windows\SysWOW64\nvd3dum.dll
2010-07-13 00:26:53 ----A---- C:\Windows\SysWOW64\nvcuvid.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SysWOW64\nvcuda.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SysWOW64\nvcompiler.dll
2010-07-13 00:26:47 ----A---- C:\Windows\SysWOW64\nvapi.dll
2010-07-10 22:57:40 ----D---- C:\Windows\SoftwareDistribution
2010-07-10 11:14:44 ----D---- C:\Users\Jirka\AppData\Roaming\Malwarebytes
2010-07-10 11:14:37 ----D---- C:\ProgramData\Malwarebytes
2010-07-10 00:26:02 ----HD---- C:\Autorun.inf
2010-07-10 00:16:25 ----D---- C:\ProgramData\GroupPolicy
2010-07-09 22:18:47 ----A---- C:\Windows\CompatibilityIssues.txt
2010-07-09 20:19:19 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-07-09 20:19:19 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2010-07-09 20:17:26 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-07-09 20:17:14 ----RHD---- C:\MSOCache
2010-07-09 20:06:06 ----A---- C:\Windows\KMSAct.exe
2010-07-09 19:48:18 ----D---- C:\Windows\PCHEALTH
2010-07-09 19:46:15 ----D---- C:\Program Files (x86)\Microsoft Office
2010-07-09 13:19:02 ----SHD---- C:\Config.Msi
2010-07-09 01:36:00 ----A---- C:\Windows\ATKPF.ini
2010-07-08 15:40:47 ----D---- C:\Users\Jirka\AppData\Roaming\DNA
2010-07-08 15:40:47 ----D---- C:\Program Files (x86)\DNA
2010-07-07 13:40:09 ----D---- C:\ProgramData\TamoSoft
2010-07-06 22:22:37 ----D---- C:\Users\Jirka\AppData\Roaming\Dropbox
2010-07-06 14:45:35 ----SHD---- C:\Windows\ftpcache
2010-07-05 20:11:38 ----A---- C:\Windows\SysWOW64\d3dx9.dll
2010-07-05 20:11:38 ----A---- C:\Windows\SysWOW64\D3DX81ab.dll
2010-07-05 17:47:33 ----D---- C:\Users\Jirka\AppData\Roaming\PlatinumHideIP
2010-07-05 17:47:33 ----D---- C:\ProgramData\PlatinumHideIP
2010-07-02 20:36:05 ----D---- C:\Windows\XSxS
2010-07-01 22:07:06 ----D---- C:\Users\Jirka\AppData\Roaming\GrabPro
2010-07-01 22:07:01 ----D---- C:\Users\Jirka\AppData\Roaming\Orbit
======List of files/folders modified in the last 1 months======
2010-07-30 19:38:26 ----D---- C:\Windows\Temp
2010-07-30 19:35:26 ----D---- C:\Windows\Prefetch
2010-07-30 19:35:05 ----RD---- C:\Program Files (x86)
2010-07-30 19:13:55 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-30 19:12:08 ----D---- C:\Windows
2010-07-30 17:27:00 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2010-07-30 16:36:02 ----D---- C:\Windows\System32
2010-07-30 16:36:01 ----D---- C:\Windows\inf
2010-07-30 10:41:25 ----D---- C:\Users\Jirka\AppData\Roaming\ICQ
2010-07-30 07:34:15 ----SHD---- C:\System Volume Information
2010-07-29 18:53:30 ----D---- C:\Users\Jirka\AppData\Roaming\dvdcss
2010-07-29 09:35:54 ----D---- C:\Users\Jirka\AppData\Roaming\BITS
2010-07-26 16:02:21 ----SHD---- C:\Windows\Installer
2010-07-25 17:53:06 ----HD---- C:\ProgramData
2010-07-24 12:32:06 ----RD---- C:\Program Files
2010-07-24 12:32:06 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-07-23 10:47:34 ----D---- C:\Windows\SysWOW64
2010-07-23 09:54:29 ----RSHD---- C:\Program Files (x86)\_scott_cmsn
2010-07-21 19:43:51 ----AD---- C:\ProgramData\Temp
2010-07-18 11:29:09 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2010-07-17 21:53:05 ----D---- C:\ProgramData\Apple Computer
2010-07-14 14:56:37 ----D---- C:\Program Files (x86)\Windows Media Player
2010-07-14 14:12:16 ----D---- C:\Windows\SysWOW64\en-US
2010-07-14 08:05:55 ----D---- C:\Windows\debug
2010-07-13 21:43:59 ----D---- C:\Windows\winsxs
2010-07-13 21:23:17 ----D---- C:\ProgramData\Microsoft Help
2010-07-13 00:40:02 ----D---- C:\ProgramData\NVIDIA
2010-07-11 01:04:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-10 22:25:54 ----D---- C:\Windows\Tasks
2010-07-10 21:29:12 ----D---- C:\Users\Jirka\AppData\Roaming\Mozilla
2010-07-10 15:48:33 ----RSD---- C:\Windows\Fonts
2010-07-10 14:34:17 ----RSD---- C:\Windows\assembly
2010-07-10 14:34:17 ----D---- C:\Windows\ehome
2010-07-10 14:33:29 ----D---- C:\Windows\SysWOW64\wbem
2010-07-10 14:33:29 ----D---- C:\Windows\SysWOW64\migration
2010-07-10 14:33:29 ----D---- C:\Windows\SysWOW64\cs-CZ
2010-07-10 14:33:29 ----D---- C:\Windows\PolicyDefinitions
2010-07-10 14:33:21 ----D---- C:\Users\Jirka\AppData\Roaming\GHISLER
2010-07-10 14:33:21 ----D---- C:\ProgramData\P4G
2010-07-10 14:33:20 ----D---- C:\ProgramData\FLEXnet
2010-07-10 14:33:03 ----D---- C:\Windows\registration
2010-07-10 14:32:44 ----D---- C:\Windows\Microsoft.NET
2010-07-09 20:19:35 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-07-09 20:19:19 ----D---- C:\Program Files (x86)\Common Files
2010-07-09 20:19:10 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-09 20:19:10 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-07-09 20:18:21 ----SD---- C:\ProgramData\Microsoft
2010-07-09 20:17:42 ----A---- C:\Windows\win.ini
2010-07-09 20:17:41 ----D---- C:\Program Files (x86)\Common Files\System
2010-07-09 20:17:30 ----D---- C:\Windows\ShellNew
2010-07-08 15:47:09 ----D---- C:\Program Files (x86)\ASUS
2010-07-08 15:25:52 ----D---- C:\Windows\Logs
2010-07-08 15:19:32 ----D---- C:\Windows\SysWOW64\config
2010-07-02 19:24:59 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2010-07-02 19:24:34 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-07-01 21:39:54 ----D---- C:\Users\Jirka\AppData\Roaming\FlashGet
2010-07-01 13:32:22 ----D---- C:\Users\Jirka\AppData\Roaming\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys []
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []
R2 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\Jirka\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-06-12 14544]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 CompositeBus;Ovladač rozpoznávacího modulu složené sběrnice; C:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys []
R3 HDAudBus;Ovladač sběrnice Microsoft UAA pro zvuk High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []
R3 HidUsb;Ovladač třídy standardu HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 intelppm;Ovladač procesoru Intel; C:\Windows\system32\DRIVERS\intelppm.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 monitor;Služba ovladače funkce třídy monitorů Microsoft; C:\Windows\system32\DRIVERS\monitor.sys []
R3 mouhid;Ovladač myši standardu HID; C:\Windows\system32\DRIVERS\mouhid.sys []
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM; C:\Windows\system32\DRIVERS\nvoclk64.sys []
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys []
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys []
R3 umbus;Ovladač sběrnice UMBus Enumerator; C:\Windows\system32\DRIVERS\umbus.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\Windows\system32\DRIVERS\usbccgp.sys []
R3 usbehci;Ovladač miniportu vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\Windows\system32\DRIVERS\usbehci.sys []
R3 usbhub;Ovladač standardního rozbočovače USB; C:\Windows\system32\DRIVERS\usbhub.sys []
R3 usbohci;Ovladač miniportu otevřeného hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbohci.sys []
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys []
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S2 SRK;Scottiez RootKit; \??\C:\Windows\system32\drivers\SRK.sys [2010-07-21 3072]
S3 1394ohci;Hostitelský řadič pro rozhraní OHCI standardu 1394; C:\Windows\system32\DRIVERS\1394ohci.sys []
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys []
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys []
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys []
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys []
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 agp440;Filtr Intel sběrnice AGP; C:\Windows\system32\DRIVERS\agp440.sys []
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys []
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys []
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys []
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys []
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys []
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys []
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys []
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys []
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys []
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys []
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys []
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys []
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys []
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys []
S3 ErrDev;Ovladače chybového zařízení hardwaru Microsoft; C:\Windows\system32\DRIVERS\errdev.sys []
S3 exfat;exFAT File System Driver; C:\Windows\SysWOW64\drivers\exfat.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys []
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys []
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys []
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys []
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys []
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys []
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys []
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys []
S3 iScsiPrt;Ovladač iScsiPort; C:\Windows\system32\DRIVERS\msiscsi.sys []
S3 kbdhid;Ovladač klávesnice standardu HID; C:\Windows\system32\DRIVERS\kbdhid.sys []
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys []
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys []
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys []
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys []
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys []
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys []
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys []
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys []
S3 msdsm;Specifický modul zařízení Microsoft Multi-Path; C:\Windows\system32\DRIVERS\msdsm.sys []
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 MsRPC;MsRPC; C:\Windows\SysWOW64\drivers\MsRPC.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys []
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS []
S3 nv_agp;Filtr sběrnice NVIDIA nForce AGP; C:\Windows\system32\DRIVERS\nv_agp.sys []
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys []
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys []
S3 ohci1394;Hostitelský řadič pro rozhraní OHCI standardu 1394 (zastaralé); C:\Windows\system32\DRIVERS\ohci1394.sys []
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys []
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys []
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys []
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys []
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys []
S3 sffdisk;Ovladač třídy úložiště SFF; C:\Windows\system32\DRIVERS\sffdisk.sys []
S3 sffp_mmc;Ovladač protokolu úložiště SFF pro konzolu MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys []
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys []
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys []
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys []
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys []
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys []
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys []
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys []
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys []
S3 uliagpkx;Filtr sběrnice Uli AGP; C:\Windows\system32\DRIVERS\uliagpkx.sys []
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbcir;Infračervený přijímač eHome (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys []
S3 usbprint;Třída USB Printer; C:\Windows\system32\DRIVERS\usbprint.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS []
S3 usbuhci;Ovladač miniportu univerzálního hostitelského řadiče Microsoft USB; C:\Windows\system32\DRIVERS\usbuhci.sys []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys []
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys []
S3 vwifibus;Ovladač sběrnice Virtual WiFi; C:\Windows\system32\DRIVERS\vwifibus.sys []
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys []
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys []
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys []
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2009-12-14 829216]
R2 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2009-11-06 276584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 O&O Defrag;O&O Defrag; D:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 2287360]
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-06-04 66872]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-16 185640]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-11-06 282728]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [2006-11-02 895488]
R2 WSearch;Windows Search; C:\Windows\system32\SearchIndexer.exe [2009-07-28 428032]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 654112]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []
S2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe []
S3 DEFRAGSVC;Defragmentace disku; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2010-05-09 696832]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 127488]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 42336]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-02 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-02 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-01-04 244904]
S3 SDRSVC;Windows Zálohování; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe []
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]
S4 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe []
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Kontrola, špatné písmo a skrytá složka - Vyřešeno (zamknout)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Kontrola, špatné písmo a skrytá složka - Vyřešeno (zamknout)
Naposledy upravil(a) poul33 dne 30 srp 2010 14:18, celkem upraveno 2 x.
Re: Prosím o kontrolu logu
Zdravim a pekne dopoledne preji 
Nedavejte prosim log do [ code], spatne se to lusti a boli z toho oci 
Stahnete OTL (viz muj podpis) a ulozte jej na plochu
Nedavejte prosim log do [ code], spatne se to lusti a boli z toho oci Stahnete OTL (viz muj podpis) a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Zaskrtnete okenko Pro vsechny uzivatele
- Zaskrtnete okenko Kontrola na havet "LOP"
- Zaskrtnete okenko Kontrola na havet "Purity"
- Stari souboru zmente z 30 dnu na 7 dnu
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys ndis.sys winlogon.exe explorer.exe userinit.exe lsass.exe svchost.exe smss.exe hal.dll ws2_32.dll tcpip.sys cryptsvc.dll Changer.sys JakNDis.sys isapnp.sys cdrom.sys autochk.exe /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT- Kliknete na tlacitko Prohledat
- Po dokonceni skenu (cca 5min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Tady to je, nevešlo se to bohužel do příspěvku, ani jedna část, tak jsem to chtěl nahrát, ale to zase nepodporuje .txt, tak jsem dal oba soubory do .zip a to už konečně šlo.
- Přílohy
-
- OTL.zip
- (29.92 KiB) Staženo 111 x
Re: Prosím o kontrolu logu
Vzhledem k tomu, ze pouzivate nelegalni SW 
se nedivim, ze jste navstevnikem naseho fora 
Dle pravidel fora (viz zde a a zde bod c.3 ) se vsak nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava
.
Obstarejte si proto legalni ochranu Vaseho PC (antivir+firewall), pote sem vlozte novy log z OTL a CKScanneru - viz nize.
Osobne Vam doporucuji kombinaci Avast+ZoneAlarm. Prehled antiviru mate ZDE a firewallu TADY.
Log z OTL - navod jako jsem daval
Stahnete na plochu CKScanner
Pokud se sem log nevejde z duvodu velkeho poctu znaku, tak se rozdeluje do vice prispevku....
se nedivim, ze jste navstevnikem naseho fora Dle pravidel fora (viz zde a a zde bod c.3 ) se vsak nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava
.Obstarejte si proto legalni ochranu Vaseho PC (antivir+firewall), pote sem vlozte novy log z OTL a CKScanneru - viz nize.
Osobne Vam doporucuji kombinaci Avast+ZoneAlarm. Prehled antiviru mate ZDE a firewallu TADY.
Log z OTL - navod jako jsem daval Stahnete na plochu CKScanner
- Spustte a kliknete na Search for files
- Po dokonceni skenu kliknete na Save List to File a nasledne OK
- Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte
Pokud se sem log nevejde z duvodu velkeho poctu znaku, tak se rozdeluje do vice prispevku...."Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Netuším, co je na tom nelegálního... Sice mám v PC nainstalován TNODUP, ale už půl roku mám zakoupenout licenci, ale pro spokojenost jsem to tedy odinstaloval, tak to snad už bude v pohodě...
Tady to teda všechno nějak je ve více příspěvcích... Jinak Extras.txt mi to prostě nevytvořilo, zkusil jsem to 2x a nic, tak dávám jen OTL.txt...
OTL
OTL logfile created on: 1.8.2010 23:27:10 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jirka\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51,76 Gb Total Space | 7,39 Gb Free Space | 14,28% Space Free | Partition Type: NTFS
Drive D: | 413,99 Gb Total Space | 107,23 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JIRKA-PC
Current User Name: Jirka
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.08.01 23:07:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
PRC - [2010.07.24 12:44:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.07.24 12:44:25 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.07.02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- D:\Program Files\Advanced SystemCare 3\AWC.exe
PRC - [2010.07.02 12:58:52 | 000,198,864 | ---- | M] (IObit) -- D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.04 21:32:59 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools\DTLite.exe
PRC - [2010.02.02 13:17:14 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.03 11:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.08.19 21:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009.08.17 10:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.08.12 15:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 10:48:36 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009.05.18 16:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2007.08.08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
========== Modules (SafeList) ==========
MOD - [2010.08.01 23:07:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
MOD - [2009.07.24 11:06:41 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.02.02 14:55:27 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.11.15 12:50:26 | 000,013,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2009.11.12 22:01:23 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.09.17 11:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.08.08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.06.04 21:32:59 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.02 14:55:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.14 15:25:44 | 000,829,216 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.11.06 14:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009.11.06 14:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009.09.12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009.06.16 10:48:36 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SRK.sys -- (SRK)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\NSNDIS5.SYS -- (NSNDIS5)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cv2k1.sys -- (CV2K1)
DRV:64bit: - [2010.06.22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.04.07 21:08:30 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010.04.07 21:08:28 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010.04.07 21:08:26 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010.04.07 21:07:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.04.07 21:03:52 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.03.30 23:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010.03.02 21:48:34 | 002,103,336 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2010.02.02 20:32:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.02 15:03:46 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010.02.02 15:03:45 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.02.02 15:03:41 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009.11.03 21:21:58 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.26 02:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2009.10.26 02:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2009.10.15 17:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.10.05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.08.28 20:42:44 | 000,021,504 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009.08.12 07:45:30 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.13 07:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2010.07.31 18:15:47 | 000,003,072 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SRK.sys -- (SRK)
DRV - [2010.06.12 21:29:14 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Jirka\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 CF E5 0D E0 A5 CA 01 [binary data]
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: drobbek@shabbi.cz:1.2.1
FF - prefs.js..extensions.enabledItems: nelinka@shabbi.cz:1.3.4
FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.28
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.3
FF - prefs.js..extensions.enabledItems: {63414328-3ab4-2c84-6c41-5a473c4b2ff7}:1.0
FF - prefs.js..extensions.enabledItems: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.10
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100719
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010.07.24 13:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010.07.24 12:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.07.26 16:01:24 | 000,000,000 | ---D | M]
[2010.07.10 21:29:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Extensions
[2010.08.01 19:27:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions
[2010.07.22 00:29:01 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (QAssistant) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (U Flv) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2010.07.27 15:47:19 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.13 10:38:37 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2010.07.10 21:29:43 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\drobbek@shabbi.cz
[2010.07.23 00:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\nasanightlaunch@example.com
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\nelinka@shabbi.cz
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\support@platinumhideip.com
[2010.07.10 17:09:36 | 000,004,140 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\searchplugins\youtube.xml
O1 HOSTS File: ([2010.07.30 19:34:42 | 000,415,604 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 14348 more lines...
O2:64bit: - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] D:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [_scott_vrc] C:\Program Files (x86)\_scott_svchost.exe File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-75518102-786277270-1590879232-1000..\Run: [_scott_vrc] C:\Program Files (x86)\_scott_svchost.exe File not found
O4 - HKU\S-1-5-21-75518102-786277270-1590879232-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-75518102-786277270-1590879232-1000..\Run: [SmartRAM] D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\..Trusted Domains: kuaiche.com ([software] http in Důvěryhodné servery)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.181
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.10 00:26:02 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.10 00:26:06 | 000,000,000 | -H-D | M] - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2010.08.01 23:07:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
[2010.07.31 18:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\down
[2010.07.30 19:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.08.01 23:27:05 | 007,864,320 | -HS- | M] () -- C:\Users\Jirka\ntuser.dat
[2010.08.01 23:13:14 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010.08.01 23:11:19 | 000,443,392 | ---- | M] () -- C:\Users\Jirka\Desktop\CKScanner.exe
[2010.08.01 23:07:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
[2010.08.01 18:00:05 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Windows 7 Manager Live Update.job
[2010.08.01 11:27:33 | 000,183,152 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.01 10:37:59 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2010.08.01 09:43:25 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010.08.01 09:42:16 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 09:42:16 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 09:40:07 | 000,798,176 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.01 09:40:07 | 000,665,132 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.08.01 09:40:07 | 000,134,912 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.08.01 09:40:07 | 000,007,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.01 09:40:07 | 000,005,474 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.01 09:36:11 | 000,001,790 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2010.08.01 09:35:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 09:35:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 09:35:35 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 09:35:35 | 000,491,260 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010.08.01 01:33:05 | 002,499,930 | -H-- | M] () -- C:\Users\Jirka\AppData\Local\IconCache.db
[2010.07.31 18:15:47 | 000,003,072 | ---- | M] () -- C:\Windows\SysWow64\drivers\SRK.sys
[2010.07.31 18:15:07 | 000,022,040 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\addon.dat
[2010.07.30 23:57:03 | 000,000,891 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2010.07.30 19:34:42 | 000,415,604 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.29 09:35:54 | 000,000,380 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2010.07.26 18:51:09 | 000,044,328 | ---- | M] () -- C:\Users\Jirka\Desktop\Podklady_pro_uzavreni_smlouvy_ZIS.ods
[2010.07.26 17:28:58 | 000,032,256 | ---- | M] () -- C:\Users\Jirka\Desktop\Parcelní číslo.doc
[2010.07.26 01:10:53 | 008,407,040 | ---- | M] () -- C:\Users\Jirka\Desktop\PoolStar-v1.4.4-Jonnne.ipa
[2010.07.26 01:09:51 | 011,521,419 | ---- | M] () -- C:\Users\Jirka\Desktop\VirtualPool-v1.97 dNaP0D.ipa
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.01 23:11:18 | 000,443,392 | ---- | C] () -- C:\Users\Jirka\Desktop\CKScanner.exe
[2010.07.31 18:15:07 | 000,022,040 | ---- | C] () -- C:\Users\Jirka\AppData\Roaming\addon.dat
[2010.07.26 17:31:20 | 000,044,328 | ---- | C] () -- C:\Users\Jirka\Desktop\Podklady_pro_uzavreni_smlouvy_ZIS.ods
[2010.07.26 17:28:55 | 000,032,256 | ---- | C] () -- C:\Users\Jirka\Desktop\Parcelní číslo.doc
[2010.07.26 01:09:25 | 011,521,419 | ---- | C] () -- C:\Users\Jirka\Desktop\VirtualPool-v1.97 dNaP0D.ipa
[2010.07.26 01:09:11 | 008,407,040 | ---- | C] () -- C:\Users\Jirka\Desktop\PoolStar-v1.4.4-Jonnne.ipa
[2010.07.22 00:17:34 | 000,819,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.09 01:36:00 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.07.05 20:11:38 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.06.25 18:17:22 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\SRK.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.13 18:33:36 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.02.25 23:46:13 | 000,000,238 | ---- | C] () -- C:\Windows\mafosav.INI
[2010.02.04 14:24:28 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\detoured.dll
[2009.12.10 15:39:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2001.01.12 11:52:26 | 000,044,032 | ---- | C] () -- C:\Windows\SysWow64\vbpng1.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
Tady to teda všechno nějak je ve více příspěvcích... Jinak Extras.txt mi to prostě nevytvořilo, zkusil jsem to 2x a nic, tak dávám jen OTL.txt...
OTL
OTL logfile created on: 1.8.2010 23:27:10 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jirka\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51,76 Gb Total Space | 7,39 Gb Free Space | 14,28% Space Free | Partition Type: NTFS
Drive D: | 413,99 Gb Total Space | 107,23 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JIRKA-PC
Current User Name: Jirka
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.08.01 23:07:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
PRC - [2010.07.24 12:44:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.07.24 12:44:25 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.07.02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- D:\Program Files\Advanced SystemCare 3\AWC.exe
PRC - [2010.07.02 12:58:52 | 000,198,864 | ---- | M] (IObit) -- D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.04 21:32:59 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools\DTLite.exe
PRC - [2010.02.02 13:17:14 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.09.03 11:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.08.19 21:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009.08.17 10:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.08.12 15:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 10:48:36 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009.05.18 16:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2007.08.08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
========== Modules (SafeList) ==========
MOD - [2010.08.01 23:07:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
MOD - [2009.07.24 11:06:41 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16400_none_4209f94e2b866170\comctl32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.02.02 14:55:27 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.11.15 12:50:26 | 000,013,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2009.11.12 22:01:23 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.09.17 11:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.08.08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.06.04 21:32:59 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.02 14:55:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.14 15:25:44 | 000,829,216 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.11.06 14:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009.11.06 14:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009.09.12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009.06.16 10:48:36 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SRK.sys -- (SRK)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\NSNDIS5.SYS -- (NSNDIS5)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cv2k1.sys -- (CV2K1)
DRV:64bit: - [2010.06.22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.04.07 21:08:30 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010.04.07 21:08:28 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010.04.07 21:08:26 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010.04.07 21:07:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.04.07 21:03:52 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.03.30 23:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010.03.02 21:48:34 | 002,103,336 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2010.02.02 20:32:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.02 15:03:46 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010.02.02 15:03:45 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.02.02 15:03:41 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009.11.03 21:21:58 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.26 02:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2009.10.26 02:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2009.10.15 17:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.10.05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.08.28 20:42:44 | 000,021,504 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009.08.12 07:45:30 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.13 07:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2010.07.31 18:15:47 | 000,003,072 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SRK.sys -- (SRK)
DRV - [2010.06.12 21:29:14 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Jirka\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 CF E5 0D E0 A5 CA 01 [binary data]
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: drobbek@shabbi.cz:1.2.1
FF - prefs.js..extensions.enabledItems: nelinka@shabbi.cz:1.3.4
FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.28
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.3
FF - prefs.js..extensions.enabledItems: {63414328-3ab4-2c84-6c41-5a473c4b2ff7}:1.0
FF - prefs.js..extensions.enabledItems: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.10
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100719
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010.07.24 13:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010.07.24 12:44:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.07.26 16:01:24 | 000,000,000 | ---D | M]
[2010.07.10 21:29:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Extensions
[2010.08.01 19:27:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions
[2010.07.22 00:29:01 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (QAssistant) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (U Flv) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2010.07.27 15:47:19 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.13 10:38:37 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2010.07.10 21:29:43 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\drobbek@shabbi.cz
[2010.07.23 00:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\nasanightlaunch@example.com
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\nelinka@shabbi.cz
[2010.07.10 21:29:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\extensions\support@platinumhideip.com
[2010.07.10 17:09:36 | 000,004,140 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\searchplugins\youtube.xml
O1 HOSTS File: ([2010.07.30 19:34:42 | 000,415,604 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 14348 more lines...
O2:64bit: - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] D:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [_scott_vrc] C:\Program Files (x86)\_scott_svchost.exe File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-75518102-786277270-1590879232-1000..\Run: [_scott_vrc] C:\Program Files (x86)\_scott_svchost.exe File not found
O4 - HKU\S-1-5-21-75518102-786277270-1590879232-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-75518102-786277270-1590879232-1000..\Run: [SmartRAM] D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\..Trusted Domains: kuaiche.com ([software] http in Důvěryhodné servery)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.181
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.10 00:26:02 | 000,000,000 | -H-D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.10 00:26:06 | 000,000,000 | -H-D | M] - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2010.08.01 23:07:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
[2010.07.31 18:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\down
[2010.07.30 19:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010.08.01 23:27:05 | 007,864,320 | -HS- | M] () -- C:\Users\Jirka\ntuser.dat
[2010.08.01 23:13:14 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010.08.01 23:11:19 | 000,443,392 | ---- | M] () -- C:\Users\Jirka\Desktop\CKScanner.exe
[2010.08.01 23:07:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jirka\Desktop\OTL.exe
[2010.08.01 18:00:05 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Windows 7 Manager Live Update.job
[2010.08.01 11:27:33 | 000,183,152 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.01 10:37:59 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2010.08.01 09:43:25 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010.08.01 09:42:16 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 09:42:16 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 09:40:07 | 000,798,176 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.01 09:40:07 | 000,665,132 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.08.01 09:40:07 | 000,134,912 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.08.01 09:40:07 | 000,007,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.01 09:40:07 | 000,005,474 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.01 09:36:11 | 000,001,790 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2010.08.01 09:35:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 09:35:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 09:35:35 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 09:35:35 | 000,491,260 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010.08.01 01:33:05 | 002,499,930 | -H-- | M] () -- C:\Users\Jirka\AppData\Local\IconCache.db
[2010.07.31 18:15:47 | 000,003,072 | ---- | M] () -- C:\Windows\SysWow64\drivers\SRK.sys
[2010.07.31 18:15:07 | 000,022,040 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\addon.dat
[2010.07.30 23:57:03 | 000,000,891 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2010.07.30 19:34:42 | 000,415,604 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.29 09:35:54 | 000,000,380 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2010.07.26 18:51:09 | 000,044,328 | ---- | M] () -- C:\Users\Jirka\Desktop\Podklady_pro_uzavreni_smlouvy_ZIS.ods
[2010.07.26 17:28:58 | 000,032,256 | ---- | M] () -- C:\Users\Jirka\Desktop\Parcelní číslo.doc
[2010.07.26 01:10:53 | 008,407,040 | ---- | M] () -- C:\Users\Jirka\Desktop\PoolStar-v1.4.4-Jonnne.ipa
[2010.07.26 01:09:51 | 011,521,419 | ---- | M] () -- C:\Users\Jirka\Desktop\VirtualPool-v1.97 dNaP0D.ipa
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.01 23:11:18 | 000,443,392 | ---- | C] () -- C:\Users\Jirka\Desktop\CKScanner.exe
[2010.07.31 18:15:07 | 000,022,040 | ---- | C] () -- C:\Users\Jirka\AppData\Roaming\addon.dat
[2010.07.26 17:31:20 | 000,044,328 | ---- | C] () -- C:\Users\Jirka\Desktop\Podklady_pro_uzavreni_smlouvy_ZIS.ods
[2010.07.26 17:28:55 | 000,032,256 | ---- | C] () -- C:\Users\Jirka\Desktop\Parcelní číslo.doc
[2010.07.26 01:09:25 | 011,521,419 | ---- | C] () -- C:\Users\Jirka\Desktop\VirtualPool-v1.97 dNaP0D.ipa
[2010.07.26 01:09:11 | 008,407,040 | ---- | C] () -- C:\Users\Jirka\Desktop\PoolStar-v1.4.4-Jonnne.ipa
[2010.07.22 00:17:34 | 000,819,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.09 01:36:00 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.07.05 20:11:38 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.06.25 18:17:22 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\SRK.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.13 18:33:36 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.02.25 23:46:13 | 000,000,238 | ---- | C] () -- C:\Windows\mafosav.INI
[2010.02.04 14:24:28 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\detoured.dll
[2009.12.10 15:39:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2001.01.12 11:52:26 | 000,044,032 | ---- | C] () -- C:\Windows\SysWow64\vbpng1.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
Naposledy upravil(a) poul33 dne 01 srp 2010 22:42, celkem upraveno 2 x.
Re: Prosím o kontrolu logu
========== LOP Check ==========
[2010.03.22 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Acronis
[2010.02.20 15:19:10 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Bioshock2
[2010.07.30 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\BITS
[2010.05.29 20:16:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\bizarre creations
[2010.06.25 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\CoSoSys
[2010.02.02 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DAEMON Tools Lite
[2010.06.05 00:24:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DMCache
[2010.07.14 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DNA
[2010.07.07 11:04:31 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Dropbox
[2010.02.02 13:44:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ESET
[2010.07.01 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGet
[2010.03.13 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGetBHO
[2010.04.05 21:19:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GetRightToGo
[2010.07.10 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GHISLER
[2010.07.01 22:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GrabPro
[2010.07.30 10:41:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ICQ
[2010.06.15 13:23:07 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\IObit
[2010.07.01 22:13:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Orbit
[2010.07.05 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\PlatinumHideIP
[2010.02.21 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Secure Soft
[2010.06.21 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Stellarium
[2010.06.15 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TeamViewer
[2010.03.21 22:30:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\The Creative Assembly
[2010.02.02 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TuneUp Software
[2010.03.06 11:38:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Ubisoft
[2010.02.05 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Win7codecs
[2010.08.01 09:43:25 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010.08.01 10:37:59 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2010.06.02 13:23:15 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.01 23:13:14 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2010.08.01 18:00:05 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Windows 7 Manager Live Update.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "D:\Program Files\DAEMON Tools\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"SmartRAM" = "D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m -- [2010.07.02 12:58:52 | 000,198,864 | ---- | M] (IObit)
"_scott_vrc" = C:\Program Files (x86)\_scott_svchost.exe -- File not found
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.03.22 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Acronis
[2010.07.01 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Adobe
[2010.02.14 22:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Apple Computer
[2010.05.24 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ArcSoft
[2010.02.20 15:19:10 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Bioshock2
[2010.07.30 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\BITS
[2010.05.29 20:16:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\bizarre creations
[2010.06.25 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\CoSoSys
[2010.04.02 09:54:14 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\CyberLink
[2010.02.02 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DAEMON Tools Lite
[2010.06.05 00:24:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DMCache
[2010.07.14 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DNA
[2010.04.02 08:05:49 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Download Manager
[2010.07.07 11:04:31 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Dropbox
[2010.07.31 10:16:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\dvdcss
[2010.02.02 13:44:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ESET
[2010.07.01 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGet
[2010.03.13 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGetBHO
[2010.04.05 21:19:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GetRightToGo
[2010.07.10 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GHISLER
[2010.07.01 22:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GrabPro
[2010.07.30 10:41:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ICQ
[2010.02.02 12:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Identities
[2010.02.02 13:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\InstallShield
[2010.02.02 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\InstallShield Installation Information
[2010.06.15 13:23:07 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\IObit
[2010.02.02 13:17:04 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Macromedia
[2010.07.10 11:14:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Media Center Programs
[2010.07.18 11:29:09 | 000,000,000 | --SD | M] -- C:\Users\Jirka\AppData\Roaming\Microsoft
[2010.07.10 21:29:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla
[2010.04.01 17:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\NVIDIA
[2010.07.01 22:13:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Orbit
[2010.07.05 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\PlatinumHideIP
[2010.02.21 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Secure Soft
[2010.04.24 11:57:48 | 000,000,000 | RH-D | M] -- C:\Users\Jirka\AppData\Roaming\SecuROM
[2010.06.21 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Stellarium
[2010.06.15 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TeamViewer
[2010.03.21 22:30:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\The Creative Assembly
[2010.02.02 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TuneUp Software
[2010.03.06 11:38:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Ubisoft
[2010.07.15 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\vlc
[2010.02.05 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Win7codecs
[2010.02.02 23:56:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010.05.29 22:49:09 | 010,274,313 | ---- | M] (Igor Pavlov) -- C:\Users\Jirka\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe
[2010.02.02 22:00:12 | 000,331,776 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
[2010.07.27 15:47:22 | 000,188,152 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\FlashGot.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_e8ae2662e553ad0f\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.20551_none_16adec2ff16ac3e3\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_b230b4f1ea781c27\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20621_none_39f398b8542b6259\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.10.01 09:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\SysWOW64\autochk.exe
[2009.10.01 09:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\SysWOW64\autochk.exe
[2009.10.01 09:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_e28cf2983c0715a1\autochk.exe
[2009.10.01 09:42:15 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=3AE12EC776AB9830462E8197FB5C88CF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_3eab8e1bf46486d7\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009.07.21 08:49:50 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=91543759D93F9EF026458DA5DA3452CC -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.20493_none_bc1b19d4d69ff9fe\cdrom.sys
[2009.12.13 09:08:08 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=D31F9B6C218F64C15D10FFE71C2EF842 -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_c92d34b80b393423\cdrom.sys
[2009.12.13 09:08:08 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=D31F9B6C218F64C15D10FFE71C2EF842 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.20595_none_bc1d1c4ed69e29d3\cdrom.sys
[2009.07.21 08:54:09 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=EC5AE6D60673DD4874C6DA1D4BA4CBCB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_98e633ec9740bcb1\cdrom.sys
[2009.07.21 08:54:09 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=EC5AE6D60673DD4874C6DA1D4BA4CBCB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16397_none_bb957e31bd7ebf90\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.11.09 08:58:12 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=22F7FA1FD0223AE08AE4070534B96CF9 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_b88db036e0e839ae\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.11.09 09:30:20 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=90BD96C123F672C49CB5E1C7854FDFC0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_ae3905e4ac8777b3\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.11.09 09:03:37 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\SysWOW64\explorer.exe
[2009.11.09 09:03:37 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\SysWOW64\explorer.exe
[2009.11.09 09:03:37 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_b820b549c7b41363\explorer.exe
[2009.11.09 09:26:38 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E0ABC4E94E734604A2244273784FD4CB -- C:\Windows\explorer.exe
[2009.11.09 09:26:38 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E0ABC4E94E734604A2244273784FD4CB -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_adcc0af793535168\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2010.01.15 22:11:04 | 000,263,048 | ---- | M] (Microsoft Corporation) MD5=45F5444ADD9D62F54B580B2CD3E51E93 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20618_none_07f635348c3d6082\hal.dll
[2009.07.21 12:41:27 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=84B0029D17938C96270660359F2533D3 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16397_none_071514f373618c9b\hal.dll
[2009.07.21 12:33:00 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=950385D61D3F99E2D3143633D8221CA9 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20493_none_079ab0968c82c709\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.01.15 22:01:53 | 000,263,048 | ---- | M] (Microsoft Corporation) MD5=CA2F33BF271FF7D78C045301BFC566DA -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16504_none_0773672d731b3f6b\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_e8ae2662e553ad0f\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.20551_none_16adec2ff16ac3e3\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20571_none_02cfe9de8f955a81\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.24 11:53:48 | 000,947,800 | ---- | M] (Microsoft Corporation) MD5=467D2C33B82990603E9E90FE96B034C3 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16400_none_040d9d423583b2ab\ndis.sys
[2009.07.24 12:06:23 | 000,947,800 | ---- | M] (Microsoft Corporation) MD5=613D1170CE8E0EA30EB83F3004C09016 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.20496_none_043bea974ee4e8d1\ndis.sys
[2009.12.29 10:15:47 | 000,948,104 | ---- | M] (Microsoft Corporation) MD5=745183BC62829154E350BD2C640EDC27 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.20605_none_049c3d654e9cce4f\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010.01.19 13:55:29 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=63B462CADA8761DBE16F0575536C324B -- C:\Windows\SysWOW64\netlogon.dll
[2010.01.19 13:55:29 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=63B462CADA8761DBE16F0575536C324B -- C:\Windows\SysWOW64\netlogon.dll
[2010.01.19 13:55:29 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=63B462CADA8761DBE16F0575536C324B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.20621_none_64c7d2339efc3e0f\netlogon.dll
[2010.01.19 12:29:22 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=720FDDBD9CCFFB7E8B7777503BC00369 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.20621_none_5a7327e16a9b7c14\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.01.14 09:37:33 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\SysWOW64\scecli.dll
[2010.01.14 09:37:33 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\SysWOW64\scecli.dll
[2010.01.14 09:37:33 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20617_none_9f2ecef4401040e3\scecli.dll
[2010.01.14 10:15:08 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=E5D0B45BB476B0A2F247C21523206419 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20617_none_94da24a20baf7ee8\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.24 12:06:40 | 001,898,584 | ---- | M] (Microsoft Corporation) MD5=6DECEB05E65970699E24F0E6BB9D6DD8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20496_none_0f92d122993c1caf\tcpip.sys
[2010.01.27 09:55:10 | 001,901,568 | ---- | M] (Microsoft Corporation) MD5=7BFF7A0AB9F2699DF15502C5BF23929D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20628_none_0fe084f699018614\tcpip.sys
[2009.11.05 15:05:39 | 001,899,080 | ---- | M] (Microsoft Corporation) MD5=7EFCB0055C0E31B558AEA716EA36B7C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20567_none_0fb443169922df5a\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010.01.27 09:57:36 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=B320A81B6A7D01B4AF9E85E22E9F6BDF -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16512_none_0f5bb65b7fe1324f\tcpip.sys
[2009.07.24 11:53:52 | 001,898,568 | ---- | M] (Microsoft Corporation) MD5=BDD634B4C9CE26884812E29DDC5AF5B8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16400_none_0f6483cd7fdae689\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.11.13 12:37:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9D5DA4E693BE6B27339FB31EE2E8F808 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20574_none_cc4b611107b8ea45\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.07.31 18:15:47 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\drivers\SRK.sys
< %systemroot%\system32\*.* /3 >
[2010.08.01 11:27:33 | 000,183,152 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
[2010.07.30 23:57:03 | 000,000,891 | ---- | M] () -- C:\Windows\SysWOW64\secushr.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C7EEDD66
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:16334B5B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:586F1F7F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:76098070
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:95AD1231
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:500F021A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:CC02DF48
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:87B0D92B
< End of report >
[2010.03.22 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Acronis
[2010.02.20 15:19:10 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Bioshock2
[2010.07.30 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\BITS
[2010.05.29 20:16:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\bizarre creations
[2010.06.25 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\CoSoSys
[2010.02.02 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DAEMON Tools Lite
[2010.06.05 00:24:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DMCache
[2010.07.14 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DNA
[2010.07.07 11:04:31 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Dropbox
[2010.02.02 13:44:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ESET
[2010.07.01 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGet
[2010.03.13 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGetBHO
[2010.04.05 21:19:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GetRightToGo
[2010.07.10 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GHISLER
[2010.07.01 22:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GrabPro
[2010.07.30 10:41:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ICQ
[2010.06.15 13:23:07 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\IObit
[2010.07.01 22:13:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Orbit
[2010.07.05 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\PlatinumHideIP
[2010.02.21 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Secure Soft
[2010.06.21 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Stellarium
[2010.06.15 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TeamViewer
[2010.03.21 22:30:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\The Creative Assembly
[2010.02.02 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TuneUp Software
[2010.03.06 11:38:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Ubisoft
[2010.02.05 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Win7codecs
[2010.08.01 09:43:25 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010.08.01 10:37:59 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2010.06.02 13:23:15 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.01 23:13:14 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2010.08.01 18:00:05 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Windows 7 Manager Live Update.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "D:\Program Files\DAEMON Tools\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"SmartRAM" = "D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m -- [2010.07.02 12:58:52 | 000,198,864 | ---- | M] (IObit)
"_scott_vrc" = C:\Program Files (x86)\_scott_svchost.exe -- File not found
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.03.22 22:39:01 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Acronis
[2010.07.01 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Adobe
[2010.02.14 22:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Apple Computer
[2010.05.24 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ArcSoft
[2010.02.20 15:19:10 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Bioshock2
[2010.07.30 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\BITS
[2010.05.29 20:16:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\bizarre creations
[2010.06.25 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\CoSoSys
[2010.04.02 09:54:14 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\CyberLink
[2010.02.02 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DAEMON Tools Lite
[2010.06.05 00:24:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DMCache
[2010.07.14 07:49:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\DNA
[2010.04.02 08:05:49 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Download Manager
[2010.07.07 11:04:31 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Dropbox
[2010.07.31 10:16:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\dvdcss
[2010.02.02 13:44:29 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ESET
[2010.07.01 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGet
[2010.03.13 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\FlashGetBHO
[2010.04.05 21:19:13 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GetRightToGo
[2010.07.10 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GHISLER
[2010.07.01 22:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GrabPro
[2010.07.30 10:41:25 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ICQ
[2010.02.02 12:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Identities
[2010.02.02 13:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\InstallShield
[2010.02.02 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\InstallShield Installation Information
[2010.06.15 13:23:07 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\IObit
[2010.02.02 13:17:04 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Macromedia
[2010.07.10 11:14:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Media Center Programs
[2010.07.18 11:29:09 | 000,000,000 | --SD | M] -- C:\Users\Jirka\AppData\Roaming\Microsoft
[2010.07.10 21:29:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Mozilla
[2010.04.01 17:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\NVIDIA
[2010.07.01 22:13:54 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Orbit
[2010.07.05 17:47:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\PlatinumHideIP
[2010.02.21 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Secure Soft
[2010.04.24 11:57:48 | 000,000,000 | RH-D | M] -- C:\Users\Jirka\AppData\Roaming\SecuROM
[2010.06.21 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Stellarium
[2010.06.15 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TeamViewer
[2010.03.21 22:30:22 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\The Creative Assembly
[2010.02.02 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\TuneUp Software
[2010.03.06 11:38:33 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Ubisoft
[2010.07.15 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\vlc
[2010.02.05 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\Win7codecs
[2010.02.02 23:56:06 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010.05.29 22:49:09 | 010,274,313 | ---- | M] (Igor Pavlov) -- C:\Users\Jirka\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe
[2010.02.02 22:00:12 | 000,331,776 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
[2010.07.27 15:47:22 | 000,188,152 | ---- | M] () -- C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\on1te9la.default\FlashGot.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_e8ae2662e553ad0f\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.20551_none_16adec2ff16ac3e3\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_b230b4f1ea781c27\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20621_none_39f398b8542b6259\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.10.01 09:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\SysWOW64\autochk.exe
[2009.10.01 09:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\SysWOW64\autochk.exe
[2009.10.01 09:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_e28cf2983c0715a1\autochk.exe
[2009.10.01 09:42:15 | 000,777,216 | ---- | M] (Microsoft Corporation) MD5=3AE12EC776AB9830462E8197FB5C88CF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_3eab8e1bf46486d7\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009.07.21 08:49:50 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=91543759D93F9EF026458DA5DA3452CC -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.20493_none_bc1b19d4d69ff9fe\cdrom.sys
[2009.12.13 09:08:08 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=D31F9B6C218F64C15D10FFE71C2EF842 -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_c92d34b80b393423\cdrom.sys
[2009.12.13 09:08:08 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=D31F9B6C218F64C15D10FFE71C2EF842 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.20595_none_bc1d1c4ed69e29d3\cdrom.sys
[2009.07.21 08:54:09 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=EC5AE6D60673DD4874C6DA1D4BA4CBCB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_98e633ec9740bcb1\cdrom.sys
[2009.07.21 08:54:09 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=EC5AE6D60673DD4874C6DA1D4BA4CBCB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16397_none_bb957e31bd7ebf90\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.11.09 08:58:12 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=22F7FA1FD0223AE08AE4070534B96CF9 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_b88db036e0e839ae\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.11.09 09:30:20 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=90BD96C123F672C49CB5E1C7854FDFC0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_ae3905e4ac8777b3\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.11.09 09:03:37 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\SysWOW64\explorer.exe
[2009.11.09 09:03:37 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\SysWOW64\explorer.exe
[2009.11.09 09:03:37 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_b820b549c7b41363\explorer.exe
[2009.11.09 09:26:38 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E0ABC4E94E734604A2244273784FD4CB -- C:\Windows\explorer.exe
[2009.11.09 09:26:38 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E0ABC4E94E734604A2244273784FD4CB -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_adcc0af793535168\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2010.01.15 22:11:04 | 000,263,048 | ---- | M] (Microsoft Corporation) MD5=45F5444ADD9D62F54B580B2CD3E51E93 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20618_none_07f635348c3d6082\hal.dll
[2009.07.21 12:41:27 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=84B0029D17938C96270660359F2533D3 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16397_none_071514f373618c9b\hal.dll
[2009.07.21 12:33:00 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=950385D61D3F99E2D3143633D8221CA9 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20493_none_079ab0968c82c709\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.01.15 22:01:53 | 000,263,048 | ---- | M] (Microsoft Corporation) MD5=CA2F33BF271FF7D78C045301BFC566DA -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16504_none_0773672d731b3f6b\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_e8ae2662e553ad0f\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.20551_none_16adec2ff16ac3e3\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20571_none_02cfe9de8f955a81\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.24 11:53:48 | 000,947,800 | ---- | M] (Microsoft Corporation) MD5=467D2C33B82990603E9E90FE96B034C3 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16400_none_040d9d423583b2ab\ndis.sys
[2009.07.24 12:06:23 | 000,947,800 | ---- | M] (Microsoft Corporation) MD5=613D1170CE8E0EA30EB83F3004C09016 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.20496_none_043bea974ee4e8d1\ndis.sys
[2009.12.29 10:15:47 | 000,948,104 | ---- | M] (Microsoft Corporation) MD5=745183BC62829154E350BD2C640EDC27 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.20605_none_049c3d654e9cce4f\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010.01.19 13:55:29 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=63B462CADA8761DBE16F0575536C324B -- C:\Windows\SysWOW64\netlogon.dll
[2010.01.19 13:55:29 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=63B462CADA8761DBE16F0575536C324B -- C:\Windows\SysWOW64\netlogon.dll
[2010.01.19 13:55:29 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=63B462CADA8761DBE16F0575536C324B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.20621_none_64c7d2339efc3e0f\netlogon.dll
[2010.01.19 12:29:22 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=720FDDBD9CCFFB7E8B7777503BC00369 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.20621_none_5a7327e16a9b7c14\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.01.14 09:37:33 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\SysWOW64\scecli.dll
[2010.01.14 09:37:33 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\SysWOW64\scecli.dll
[2010.01.14 09:37:33 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B218D0D5250E979049771B25E552EEA2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20617_none_9f2ecef4401040e3\scecli.dll
[2010.01.14 10:15:08 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=E5D0B45BB476B0A2F247C21523206419 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.20617_none_94da24a20baf7ee8\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.24 12:06:40 | 001,898,584 | ---- | M] (Microsoft Corporation) MD5=6DECEB05E65970699E24F0E6BB9D6DD8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20496_none_0f92d122993c1caf\tcpip.sys
[2010.01.27 09:55:10 | 001,901,568 | ---- | M] (Microsoft Corporation) MD5=7BFF7A0AB9F2699DF15502C5BF23929D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20628_none_0fe084f699018614\tcpip.sys
[2009.11.05 15:05:39 | 001,899,080 | ---- | M] (Microsoft Corporation) MD5=7EFCB0055C0E31B558AEA716EA36B7C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20567_none_0fb443169922df5a\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010.01.27 09:57:36 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=B320A81B6A7D01B4AF9E85E22E9F6BDF -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16512_none_0f5bb65b7fe1324f\tcpip.sys
[2009.07.24 11:53:52 | 001,898,568 | ---- | M] (Microsoft Corporation) MD5=BDD634B4C9CE26884812E29DDC5AF5B8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16400_none_0f6483cd7fdae689\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.11.13 12:37:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9D5DA4E693BE6B27339FB31EE2E8F808 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20574_none_cc4b611107b8ea45\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.07.31 18:15:47 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\drivers\SRK.sys
< %systemroot%\system32\*.* /3 >
[2010.08.01 11:27:33 | 000,183,152 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
[2010.07.30 23:57:03 | 000,000,891 | ---- | M] () -- C:\Windows\SysWOW64\secushr.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C7EEDD66
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:16334B5B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:586F1F7F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:76098070
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:95AD1231
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:500F021A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:CC02DF48
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:87B0D92B
< End of report >
Re: Prosím o kontrolu logu
CKS
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\jirka\desktop\aircrack\authors
c:\users\jirka\desktop\aircrack\changelog
c:\users\jirka\desktop\aircrack\common.mak
c:\users\jirka\desktop\aircrack\evalrev
c:\users\jirka\desktop\aircrack\installing
c:\users\jirka\desktop\aircrack\license
c:\users\jirka\desktop\aircrack\license.openssl
c:\users\jirka\desktop\aircrack\makefile
c:\users\jirka\desktop\aircrack\patchchk
c:\users\jirka\desktop\aircrack\readme
c:\users\jirka\desktop\aircrack\version
c:\users\jirka\desktop\aircrack\bin\airbase-ng.exe
c:\users\jirka\desktop\aircrack\bin\aircrack-ng gui.exe
c:\users\jirka\desktop\aircrack\bin\aircrack-ng.exe
c:\users\jirka\desktop\aircrack\bin\airdecap-ng.exe
c:\users\jirka\desktop\aircrack\bin\airdecloak-ng.exe
c:\users\jirka\desktop\aircrack\bin\aireplay-ng.exe
c:\users\jirka\desktop\aircrack\bin\airodump-ng.exe
c:\users\jirka\desktop\aircrack\bin\airolib-ng.exe
c:\users\jirka\desktop\aircrack\bin\airserv-ng.exe
c:\users\jirka\desktop\aircrack\bin\airtun-ng.exe
c:\users\jirka\desktop\aircrack\bin\buddy-ng.exe
c:\users\jirka\desktop\aircrack\bin\cygcrypto-0.9.8.dll
c:\users\jirka\desktop\aircrack\bin\cyggcc_s-1.dll
c:\users\jirka\desktop\aircrack\bin\cygwin1.dll
c:\users\jirka\desktop\aircrack\bin\cygz.dll
c:\users\jirka\desktop\aircrack\bin\easside-ng.exe
c:\users\jirka\desktop\aircrack\bin\ivstools.exe
c:\users\jirka\desktop\aircrack\bin\kstats.exe
c:\users\jirka\desktop\aircrack\bin\makeivs-ng.exe
c:\users\jirka\desktop\aircrack\bin\msvcr70.dll
c:\users\jirka\desktop\aircrack\bin\packetforge-ng.exe
c:\users\jirka\desktop\aircrack\bin\tkiptun-ng.exe
c:\users\jirka\desktop\aircrack\bin\wesside-ng.exe
c:\users\jirka\desktop\aircrack\bin\wzcook.exe
c:\users\jirka\desktop\aircrack\manpages\airbase-ng.1
c:\users\jirka\desktop\aircrack\manpages\aircrack-ng.1
c:\users\jirka\desktop\aircrack\manpages\airdecap-ng.1
c:\users\jirka\desktop\aircrack\manpages\airdecloak-ng.1
c:\users\jirka\desktop\aircrack\manpages\airdriver-ng.1
c:\users\jirka\desktop\aircrack\manpages\aireplay-ng.1
c:\users\jirka\desktop\aircrack\manpages\airmon-ng.1
c:\users\jirka\desktop\aircrack\manpages\airodump-ng.1
c:\users\jirka\desktop\aircrack\manpages\airolib-ng.1
c:\users\jirka\desktop\aircrack\manpages\airserv-ng.1
c:\users\jirka\desktop\aircrack\manpages\airtun-ng.1
c:\users\jirka\desktop\aircrack\manpages\buddy-ng.1
c:\users\jirka\desktop\aircrack\manpages\easside-ng.1
c:\users\jirka\desktop\aircrack\manpages\ivstools.1
c:\users\jirka\desktop\aircrack\manpages\kstats.1
c:\users\jirka\desktop\aircrack\manpages\makefile
c:\users\jirka\desktop\aircrack\manpages\makeivs-ng.1
c:\users\jirka\desktop\aircrack\manpages\packetforge-ng.1
c:\users\jirka\desktop\aircrack\manpages\tkiptun-ng.1
c:\users\jirka\desktop\aircrack\manpages\wesside-ng.1
c:\users\jirka\desktop\aircrack\scripts\airdriver-ng
c:\users\jirka\desktop\aircrack\scripts\airmon-ng
c:\users\jirka\desktop\aircrack\scripts\airodump-ng-oui-update
c:\users\jirka\desktop\aircrack\scripts\makefile
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\airdrop-ng.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\install.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\readme
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\uninstall.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\docs\airdrop-ng.1
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\docs\apple.sample.txt
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\docs\droprules.conf.example
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\lib\colorize.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\lib\libdumpparse.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\lib\libouiparse.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\airgraph-ng.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\common.mak
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\dump-join.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\makefile
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\readme
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\lib\lib_airgraphviz.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\lib\makefile
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\man\airgraph-ng.1
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\man\dump-join.1
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\man\makefile
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\test\test-1.txt
c:\users\jirka\desktop\aircrack\src\airbase-ng.c
c:\users\jirka\desktop\aircrack\src\aircrack-ng.c
c:\users\jirka\desktop\aircrack\src\aircrack-ng.h
c:\users\jirka\desktop\aircrack\src\aircrack-ptw-lib.c
c:\users\jirka\desktop\aircrack\src\aircrack-ptw-lib.h
c:\users\jirka\desktop\aircrack\src\airdecap-ng.c
c:\users\jirka\desktop\aircrack\src\airdecloak-ng.c
c:\users\jirka\desktop\aircrack\src\airdecloak-ng.h
c:\users\jirka\desktop\aircrack\src\aireplay-ng.c
c:\users\jirka\desktop\aircrack\src\airodump-ng.c
c:\users\jirka\desktop\aircrack\src\airodump-ng.h
c:\users\jirka\desktop\aircrack\src\airolib-ng.c
c:\users\jirka\desktop\aircrack\src\airserv-ng.c
c:\users\jirka\desktop\aircrack\src\airtun-ng.c
c:\users\jirka\desktop\aircrack\src\buddy-ng.c
c:\users\jirka\desktop\aircrack\src\common.c
c:\users\jirka\desktop\aircrack\src\common.h
c:\users\jirka\desktop\aircrack\src\crctable.h
c:\users\jirka\desktop\aircrack\src\crypto.c
c:\users\jirka\desktop\aircrack\src\crypto.h
c:\users\jirka\desktop\aircrack\src\easside-ng.c
c:\users\jirka\desktop\aircrack\src\easside.h
c:\users\jirka\desktop\aircrack\src\ivstools.c
c:\users\jirka\desktop\aircrack\src\kstats.c
c:\users\jirka\desktop\aircrack\src\makefile
c:\users\jirka\desktop\aircrack\src\makeivs-ng.c
c:\users\jirka\desktop\aircrack\src\packetforge-ng.c
c:\users\jirka\desktop\aircrack\src\pcap.h
c:\users\jirka\desktop\aircrack\src\sha1-sse2.h
c:\users\jirka\desktop\aircrack\src\sha1-sse2.s
c:\users\jirka\desktop\aircrack\src\tkiptun-ng.c
c:\users\jirka\desktop\aircrack\src\uniqueiv.c
c:\users\jirka\desktop\aircrack\src\uniqueiv.h
c:\users\jirka\desktop\aircrack\src\version.h
c:\users\jirka\desktop\aircrack\src\wesside-ng.c
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng.sln
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\aircrack-ng.csproj
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\aircrack-ng.csproj.user
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\form1.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\form1.designer.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\form1.resx
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\program.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\assemblyinfo.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\resources.designer.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\resources.resx
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\settings.designer.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\settings.settings
c:\users\jirka\desktop\aircrack\src\include\ethernet.h
c:\users\jirka\desktop\aircrack\src\include\ieee80211.h
c:\users\jirka\desktop\aircrack\src\include\if_arp.h
c:\users\jirka\desktop\aircrack\src\include\if_llc.h
c:\users\jirka\desktop\aircrack\src\osdep\airpcap.c
c:\users\jirka\desktop\aircrack\src\osdep\airpcap.h
c:\users\jirka\desktop\aircrack\src\osdep\byteorder.h
c:\users\jirka\desktop\aircrack\src\osdep\common.c
c:\users\jirka\desktop\aircrack\src\osdep\common.h
c:\users\jirka\desktop\aircrack\src\osdep\crctable_osdep.h
c:\users\jirka\desktop\aircrack\src\osdep\cygwin.c
c:\users\jirka\desktop\aircrack\src\osdep\cygwin.h
c:\users\jirka\desktop\aircrack\src\osdep\cygwin_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\darwin.c
c:\users\jirka\desktop\aircrack\src\osdep\darwin_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\dummy.c
c:\users\jirka\desktop\aircrack\src\osdep\dummy_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\freebsd.c
c:\users\jirka\desktop\aircrack\src\osdep\freebsd_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\linux.c
c:\users\jirka\desktop\aircrack\src\osdep\linux_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\makefile
c:\users\jirka\desktop\aircrack\src\osdep\netbsd.c
c:\users\jirka\desktop\aircrack\src\osdep\netbsd_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\network.c
c:\users\jirka\desktop\aircrack\src\osdep\network.h
c:\users\jirka\desktop\aircrack\src\osdep\openbsd.c
c:\users\jirka\desktop\aircrack\src\osdep\openbsd_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\osdep.c
c:\users\jirka\desktop\aircrack\src\osdep\osdep.h
c:\users\jirka\desktop\aircrack\src\osdep\packed.h
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\ieee80211_radiotap.h
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\makefile
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\radiotap-parser.c
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\radiotap-parser.h
c:\users\jirka\desktop\aircrack\src\osdep\tap-win32\common.h
c:\users\jirka\desktop\aircrack\src\wzcook\console.c
c:\users\jirka\desktop\aircrack\src\wzcook\console.h
c:\users\jirka\desktop\aircrack\src\wzcook\resource.h
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.c
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.dsp
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.dsw
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.ico
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.rc
c:\users\jirka\desktop\aircrack\test\chinese-ssid-name.pcap
c:\users\jirka\desktop\aircrack\test\passphrases.db
c:\users\jirka\desktop\aircrack\test\password.lst
c:\users\jirka\desktop\aircrack\test\replay.py
c:\users\jirka\desktop\aircrack\test\wep.open.system.authentication.cap
c:\users\jirka\desktop\aircrack\test\wep.shared.key.authentication.cap
c:\users\jirka\desktop\aircrack\test\wpa.cap
c:\users\jirka\desktop\aircrack\test\wpa2.eapol.cap
c:\users\jirka\music\itunes\itunes media\mobile applications\im -4.2.1-cracked-by-esamu--hackulous.ipa
scanner sequence 3.ZZ.11
----- EOF -----
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\jirka\desktop\aircrack\authors
c:\users\jirka\desktop\aircrack\changelog
c:\users\jirka\desktop\aircrack\common.mak
c:\users\jirka\desktop\aircrack\evalrev
c:\users\jirka\desktop\aircrack\installing
c:\users\jirka\desktop\aircrack\license
c:\users\jirka\desktop\aircrack\license.openssl
c:\users\jirka\desktop\aircrack\makefile
c:\users\jirka\desktop\aircrack\patchchk
c:\users\jirka\desktop\aircrack\readme
c:\users\jirka\desktop\aircrack\version
c:\users\jirka\desktop\aircrack\bin\airbase-ng.exe
c:\users\jirka\desktop\aircrack\bin\aircrack-ng gui.exe
c:\users\jirka\desktop\aircrack\bin\aircrack-ng.exe
c:\users\jirka\desktop\aircrack\bin\airdecap-ng.exe
c:\users\jirka\desktop\aircrack\bin\airdecloak-ng.exe
c:\users\jirka\desktop\aircrack\bin\aireplay-ng.exe
c:\users\jirka\desktop\aircrack\bin\airodump-ng.exe
c:\users\jirka\desktop\aircrack\bin\airolib-ng.exe
c:\users\jirka\desktop\aircrack\bin\airserv-ng.exe
c:\users\jirka\desktop\aircrack\bin\airtun-ng.exe
c:\users\jirka\desktop\aircrack\bin\buddy-ng.exe
c:\users\jirka\desktop\aircrack\bin\cygcrypto-0.9.8.dll
c:\users\jirka\desktop\aircrack\bin\cyggcc_s-1.dll
c:\users\jirka\desktop\aircrack\bin\cygwin1.dll
c:\users\jirka\desktop\aircrack\bin\cygz.dll
c:\users\jirka\desktop\aircrack\bin\easside-ng.exe
c:\users\jirka\desktop\aircrack\bin\ivstools.exe
c:\users\jirka\desktop\aircrack\bin\kstats.exe
c:\users\jirka\desktop\aircrack\bin\makeivs-ng.exe
c:\users\jirka\desktop\aircrack\bin\msvcr70.dll
c:\users\jirka\desktop\aircrack\bin\packetforge-ng.exe
c:\users\jirka\desktop\aircrack\bin\tkiptun-ng.exe
c:\users\jirka\desktop\aircrack\bin\wesside-ng.exe
c:\users\jirka\desktop\aircrack\bin\wzcook.exe
c:\users\jirka\desktop\aircrack\manpages\airbase-ng.1
c:\users\jirka\desktop\aircrack\manpages\aircrack-ng.1
c:\users\jirka\desktop\aircrack\manpages\airdecap-ng.1
c:\users\jirka\desktop\aircrack\manpages\airdecloak-ng.1
c:\users\jirka\desktop\aircrack\manpages\airdriver-ng.1
c:\users\jirka\desktop\aircrack\manpages\aireplay-ng.1
c:\users\jirka\desktop\aircrack\manpages\airmon-ng.1
c:\users\jirka\desktop\aircrack\manpages\airodump-ng.1
c:\users\jirka\desktop\aircrack\manpages\airolib-ng.1
c:\users\jirka\desktop\aircrack\manpages\airserv-ng.1
c:\users\jirka\desktop\aircrack\manpages\airtun-ng.1
c:\users\jirka\desktop\aircrack\manpages\buddy-ng.1
c:\users\jirka\desktop\aircrack\manpages\easside-ng.1
c:\users\jirka\desktop\aircrack\manpages\ivstools.1
c:\users\jirka\desktop\aircrack\manpages\kstats.1
c:\users\jirka\desktop\aircrack\manpages\makefile
c:\users\jirka\desktop\aircrack\manpages\makeivs-ng.1
c:\users\jirka\desktop\aircrack\manpages\packetforge-ng.1
c:\users\jirka\desktop\aircrack\manpages\tkiptun-ng.1
c:\users\jirka\desktop\aircrack\manpages\wesside-ng.1
c:\users\jirka\desktop\aircrack\scripts\airdriver-ng
c:\users\jirka\desktop\aircrack\scripts\airmon-ng
c:\users\jirka\desktop\aircrack\scripts\airodump-ng-oui-update
c:\users\jirka\desktop\aircrack\scripts\makefile
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\airdrop-ng.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\install.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\readme
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\uninstall.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\docs\airdrop-ng.1
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\docs\apple.sample.txt
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\docs\droprules.conf.example
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\lib\colorize.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\lib\libdumpparse.py
c:\users\jirka\desktop\aircrack\scripts\airdrop-ng\lib\libouiparse.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\airgraph-ng.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\common.mak
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\dump-join.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\makefile
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\readme
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\lib\lib_airgraphviz.py
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\lib\makefile
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\man\airgraph-ng.1
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\man\dump-join.1
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\man\makefile
c:\users\jirka\desktop\aircrack\scripts\airgraph-ng\test\test-1.txt
c:\users\jirka\desktop\aircrack\src\airbase-ng.c
c:\users\jirka\desktop\aircrack\src\aircrack-ng.c
c:\users\jirka\desktop\aircrack\src\aircrack-ng.h
c:\users\jirka\desktop\aircrack\src\aircrack-ptw-lib.c
c:\users\jirka\desktop\aircrack\src\aircrack-ptw-lib.h
c:\users\jirka\desktop\aircrack\src\airdecap-ng.c
c:\users\jirka\desktop\aircrack\src\airdecloak-ng.c
c:\users\jirka\desktop\aircrack\src\airdecloak-ng.h
c:\users\jirka\desktop\aircrack\src\aireplay-ng.c
c:\users\jirka\desktop\aircrack\src\airodump-ng.c
c:\users\jirka\desktop\aircrack\src\airodump-ng.h
c:\users\jirka\desktop\aircrack\src\airolib-ng.c
c:\users\jirka\desktop\aircrack\src\airserv-ng.c
c:\users\jirka\desktop\aircrack\src\airtun-ng.c
c:\users\jirka\desktop\aircrack\src\buddy-ng.c
c:\users\jirka\desktop\aircrack\src\common.c
c:\users\jirka\desktop\aircrack\src\common.h
c:\users\jirka\desktop\aircrack\src\crctable.h
c:\users\jirka\desktop\aircrack\src\crypto.c
c:\users\jirka\desktop\aircrack\src\crypto.h
c:\users\jirka\desktop\aircrack\src\easside-ng.c
c:\users\jirka\desktop\aircrack\src\easside.h
c:\users\jirka\desktop\aircrack\src\ivstools.c
c:\users\jirka\desktop\aircrack\src\kstats.c
c:\users\jirka\desktop\aircrack\src\makefile
c:\users\jirka\desktop\aircrack\src\makeivs-ng.c
c:\users\jirka\desktop\aircrack\src\packetforge-ng.c
c:\users\jirka\desktop\aircrack\src\pcap.h
c:\users\jirka\desktop\aircrack\src\sha1-sse2.h
c:\users\jirka\desktop\aircrack\src\sha1-sse2.s
c:\users\jirka\desktop\aircrack\src\tkiptun-ng.c
c:\users\jirka\desktop\aircrack\src\uniqueiv.c
c:\users\jirka\desktop\aircrack\src\uniqueiv.h
c:\users\jirka\desktop\aircrack\src\version.h
c:\users\jirka\desktop\aircrack\src\wesside-ng.c
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng.sln
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\aircrack-ng.csproj
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\aircrack-ng.csproj.user
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\form1.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\form1.designer.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\form1.resx
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\program.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\assemblyinfo.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\resources.designer.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\resources.resx
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\settings.designer.cs
c:\users\jirka\desktop\aircrack\src\gui\aircrack-ng\properties\settings.settings
c:\users\jirka\desktop\aircrack\src\include\ethernet.h
c:\users\jirka\desktop\aircrack\src\include\ieee80211.h
c:\users\jirka\desktop\aircrack\src\include\if_arp.h
c:\users\jirka\desktop\aircrack\src\include\if_llc.h
c:\users\jirka\desktop\aircrack\src\osdep\airpcap.c
c:\users\jirka\desktop\aircrack\src\osdep\airpcap.h
c:\users\jirka\desktop\aircrack\src\osdep\byteorder.h
c:\users\jirka\desktop\aircrack\src\osdep\common.c
c:\users\jirka\desktop\aircrack\src\osdep\common.h
c:\users\jirka\desktop\aircrack\src\osdep\crctable_osdep.h
c:\users\jirka\desktop\aircrack\src\osdep\cygwin.c
c:\users\jirka\desktop\aircrack\src\osdep\cygwin.h
c:\users\jirka\desktop\aircrack\src\osdep\cygwin_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\darwin.c
c:\users\jirka\desktop\aircrack\src\osdep\darwin_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\dummy.c
c:\users\jirka\desktop\aircrack\src\osdep\dummy_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\freebsd.c
c:\users\jirka\desktop\aircrack\src\osdep\freebsd_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\linux.c
c:\users\jirka\desktop\aircrack\src\osdep\linux_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\makefile
c:\users\jirka\desktop\aircrack\src\osdep\netbsd.c
c:\users\jirka\desktop\aircrack\src\osdep\netbsd_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\network.c
c:\users\jirka\desktop\aircrack\src\osdep\network.h
c:\users\jirka\desktop\aircrack\src\osdep\openbsd.c
c:\users\jirka\desktop\aircrack\src\osdep\openbsd_tap.c
c:\users\jirka\desktop\aircrack\src\osdep\osdep.c
c:\users\jirka\desktop\aircrack\src\osdep\osdep.h
c:\users\jirka\desktop\aircrack\src\osdep\packed.h
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\ieee80211_radiotap.h
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\makefile
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\radiotap-parser.c
c:\users\jirka\desktop\aircrack\src\osdep\radiotap\radiotap-parser.h
c:\users\jirka\desktop\aircrack\src\osdep\tap-win32\common.h
c:\users\jirka\desktop\aircrack\src\wzcook\console.c
c:\users\jirka\desktop\aircrack\src\wzcook\console.h
c:\users\jirka\desktop\aircrack\src\wzcook\resource.h
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.c
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.dsp
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.dsw
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.ico
c:\users\jirka\desktop\aircrack\src\wzcook\wzcook.rc
c:\users\jirka\desktop\aircrack\test\chinese-ssid-name.pcap
c:\users\jirka\desktop\aircrack\test\passphrases.db
c:\users\jirka\desktop\aircrack\test\password.lst
c:\users\jirka\desktop\aircrack\test\replay.py
c:\users\jirka\desktop\aircrack\test\wep.open.system.authentication.cap
c:\users\jirka\desktop\aircrack\test\wep.shared.key.authentication.cap
c:\users\jirka\desktop\aircrack\test\wpa.cap
c:\users\jirka\desktop\aircrack\test\wpa2.eapol.cap
c:\users\jirka\music\itunes\itunes media\mobile applications\im -4.2.1-cracked-by-esamu--hackulous.ipa
scanner sequence 3.ZZ.11
----- EOF -----
Re: Prosím o kontrolu logu
Ano prave ten TNOD je nelegalni Pokud tedy mate licenci zakoupenou, nebudu to dale zkoumat ci opravdu ano nebo si po zkontolovani TNOD zase date zpatky... Ty polozky z CK Scanneru jsou co prosim zac 
Doporucuji odinstalovat Advanced SystemCare 3 - tento softik nema mezi zdejsimi radci moc velkou oblibu a uz vibec ne duveru - velkou merou se o to zasadil fakt ze spolecnost ukradla virou databazi spolecnosti Malwares co ma produkt MBAM Spustte znovu OTL
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
:otl SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SRK.sys -- (SRK) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\NSNDIS5.SYS -- (NSNDIS5) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cv2k1.sys -- (CV2K1) IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 CF E5 0D E0 A5 CA 01 [binary data] IE - HKU\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; O2:64bit: - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found. O4 - HKLM..\Run: [_scott_vrc] C:\Program Files (x86)\_scott_svchost.exe File not found O4 - HKU\S-1-5-21-75518102-786277270-1590879232-1000..\Run: [_scott_vrc] C:\Program Files (x86)\_scott_svchost.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-75518102-786277270-1590879232-1000\..Trusted Domains: kuaiche.com ([software] http in Důvěryhodné servery) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll () O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O33 - MountPoints2\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}\Shell - "" = AutoRun [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C7EEDD66 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:16334B5B @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:586F1F7F @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:76098070 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:95AD1231 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:500F021A @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:CC02DF48 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:87B0D92B :reg [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] ""=- :files C:\WINDOWS\system32\*.tmp.dll /s C:\WINDOWS\system32\SET*.tmp /s C:\WINDOWS\*.tmp /s C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll D:\Program Files\ESET\TNOD :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH] [CLEARALLRESTOREPOINTS]- Nasledne kliknete na Opravit
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
All processes killed
========== OTL ==========
Service PnkBstrA stopped successfully!
Service PnkBstrA deleted successfully!
File C:\Windows\SysNative\PnkBstrA.exe not found.
Service SRK stopped successfully!
Service SRK deleted successfully!
File C:\Windows\SysNative\drivers\SRK.sys not found.
Service NSNDIS5 stopped successfully!
Service NSNDIS5 deleted successfully!
File C:\Windows\SysNative\NSNDIS5.SYS not found.
Service CV2K1 stopped successfully!
Service CV2K1 deleted successfully!
File C:\Windows\SysNative\DRIVERS\cv2k1.sys not found.
HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\_scott_vrc deleted successfully.
Invalid CLSID key: _scott_vrc
Registry value HKEY_USERS\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Run\\_scott_vrc deleted successfully.
Invalid CLSID key: _scott_vrc
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}\ not found.
File {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{574940E0-1B7A-4881-8FA3-1E809714B156}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{574940E0-1B7A-4881-8FA3-1E809714B156}\ deleted successfully.
C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}\ not found.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseData.ini deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
ADS C:\ProgramData\Temp:C7EEDD66 deleted successfully.
ADS C:\ProgramData\Temp:16334B5B deleted successfully.
ADS C:\ProgramData\Temp:586F1F7F deleted successfully.
ADS C:\ProgramData\Temp:76098070 deleted successfully.
ADS C:\ProgramData\Temp:95AD1231 deleted successfully.
ADS C:\ProgramData\Temp:500F021A deleted successfully.
ADS C:\ProgramData\Temp:CC02DF48 deleted successfully.
ADS C:\ProgramData\Temp:87B0D92B deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP179.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCCEF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
File\Folder C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll not found.
D:\Program Files\ESET\TNOD folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jirka
->Temp folder emptied: 3776 bytes
->Temporary Internet Files folder emptied: 6104593 bytes
->Java cache emptied: 12307726 bytes
->FireFox cache emptied: 131778623 bytes
->Google Chrome cache emptied: 97309238 bytes
->Flash cache emptied: 677 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4916 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 236,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Jirka
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.9.1 log created on 08062010_200945
Files\Folders moved on Reboot...
C:\Users\Jirka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
========== OTL ==========
Service PnkBstrA stopped successfully!
Service PnkBstrA deleted successfully!
File C:\Windows\SysNative\PnkBstrA.exe not found.
Service SRK stopped successfully!
Service SRK deleted successfully!
File C:\Windows\SysNative\drivers\SRK.sys not found.
Service NSNDIS5 stopped successfully!
Service NSNDIS5 deleted successfully!
File C:\Windows\SysNative\NSNDIS5.SYS not found.
Service CV2K1 stopped successfully!
Service CV2K1 deleted successfully!
File C:\Windows\SysNative\DRIVERS\cv2k1.sys not found.
HKU\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\_scott_vrc deleted successfully.
Invalid CLSID key: _scott_vrc
Registry value HKEY_USERS\S-1-5-21-75518102-786277270-1590879232-1000\Software\Microsoft\Windows\CurrentVersion\Run\\_scott_vrc deleted successfully.
Invalid CLSID key: _scott_vrc
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-75518102-786277270-1590879232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}\ not found.
File {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{574940E0-1B7A-4881-8FA3-1E809714B156}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{574940E0-1B7A-4881-8FA3-1E809714B156}\ deleted successfully.
C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0bb6a70-67f3-11df-8e89-e0cb4e8e68e5}\ not found.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP\WiseData.ini deleted successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
ADS C:\ProgramData\Temp:C7EEDD66 deleted successfully.
ADS C:\ProgramData\Temp:16334B5B deleted successfully.
ADS C:\ProgramData\Temp:586F1F7F deleted successfully.
ADS C:\ProgramData\Temp:76098070 deleted successfully.
ADS C:\ProgramData\Temp:95AD1231 deleted successfully.
ADS C:\ProgramData\Temp:500F021A deleted successfully.
ADS C:\ProgramData\Temp:CC02DF48 deleted successfully.
ADS C:\ProgramData\Temp:87B0D92B deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP179.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCCEF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
File\Folder C:\Users\Jirka\AppData\LocalLow\Microńoft\redir.dll not found.
D:\Program Files\ESET\TNOD folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jirka
->Temp folder emptied: 3776 bytes
->Temporary Internet Files folder emptied: 6104593 bytes
->Java cache emptied: 12307726 bytes
->FireFox cache emptied: 131778623 bytes
->Google Chrome cache emptied: 97309238 bytes
->Flash cache emptied: 677 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4916 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 236,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Jirka
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.9.1 log created on 08062010_200945
Files\Folders moved on Reboot...
C:\Users\Jirka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re: Prosím o kontrolu logu
Co na skript PC, jak se chova
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Řekl bych, že je vše v pohodě. Mám dát ještě nějaký log pro úplnou kontrolu a uzavření tohoto tématu?
Re: Prosím o kontrolu logu
Jeste uklidime po utilitach a udelame zaverecnou 
TFC http://oldtimer.geekstogo.com/TFC.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič
Vlozte novy log ze RSITu
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaruPanel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
Vlozte novy log ze RSITu"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Logfile of random's system information tool 1.08 (written by random/random)
Run by Jirka at 2010-08-08 11:02:01
Microsoft Windows 7 Ultimate
System drive C: has 9 GB (17%) free of 53 GB
Total RAM: 4095 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:11, on 8.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
D:\Program Files\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
D:\Program Files\DAEMON Tools\DTLite.exe
D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\AsScrPro.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\Jirka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Služba Plánovač2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe" /StartService
"D:\Program Files\OO Software\Defrag\oodag.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe" /StartService
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe"
"taskhost.exe"
taskeng.exe {910E47D2-954E-48C3-B4B7-8B8B45F20183}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"D:\Program Files\Advanced SystemCare 3\AWC.exe" /startup
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
Atouch64.exe
"D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
"D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
ATKOSD.exe
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
KBFiltr.exe
WDC.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"D:\Program Files\iTunes\iTunesHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" gpureading
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\AsScrPro.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"D:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Jirka\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\Windows 7 Manager Live Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-06-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-06-19 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-08-12 323072]
"egui"=D:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2839840]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools\DTLite.exe [2010-04-01 357696]
"SmartRAM"=D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe [2010-07-02 198864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Služba Plánovač2]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2009-12-14 377600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-02-02 3058304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
D:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 3832064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0x00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\FlashGet\FlashGet3.exe"="D:\Program Files\FlashGet\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-08 11:02:01 ----D---- C:\rsit
2010-08-07 14:30:10 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2010-08-07 11:48:09 ----D---- C:\Windows\SYSWOW64\RTCOM
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtPgEx64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkCfg64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkAPO64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkApi64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEP64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEL64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEG64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEED64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTCOM64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DHT64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DAA64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RCoInst64.dll
2010-08-07 11:47:45 ----A---- C:\Windows\system32\FMAPO64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAR64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAC64.dll
2010-08-07 11:47:42 ----A---- C:\Windows\RtlExUpd.dll
2010-08-06 19:47:53 ----A---- C:\Windows\system32\shell32.dll
2010-08-06 19:47:52 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-31 18:15:20 ----D---- C:\Windows\SYSWOW64\drivers\down
2010-07-30 19:35:05 ----D---- C:\Program Files (x86)\trend micro
2010-07-25 17:53:06 ----D---- C:\ProgramData\ESET
2010-07-24 12:32:06 ----D---- C:\Program Files\iPod
2010-07-24 12:32:05 ----D---- C:\Program Files\iTunes
2010-07-22 00:17:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2010-07-17 21:53:05 ----D---- C:\Program Files (x86)\QuickTime
2010-07-13 20:27:26 ----A---- C:\Windows\system32\cdd.dll
2010-07-13 00:27:24 ----A---- C:\Windows\system32\nvhdap64.dll
2010-07-13 00:27:24 ----A---- C:\Windows\system32\nvapo64v.dll
2010-07-13 00:27:24 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2010-07-13 00:27:02 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-07-13 00:26:59 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2010-07-13 00:26:59 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2010-07-13 00:26:59 ----A---- C:\Windows\system32\OpenCL.dll
2010-07-13 00:26:57 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2010-07-13 00:26:57 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2010-07-13 00:26:57 ----A---- C:\Windows\system32\nvoglv64.dll
2010-07-13 00:26:57 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-07-13 00:26:53 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2010-07-13 00:26:53 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2010-07-13 00:26:53 ----A---- C:\Windows\system32\nvcuvid.dll
2010-07-13 00:26:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2010-07-13 00:26:50 ----A---- C:\Windows\system32\nvcuda.dll
2010-07-13 00:26:47 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2010-07-13 00:26:47 ----A---- C:\Windows\system32\nvcompiler.dll
2010-07-13 00:26:47 ----A---- C:\Windows\system32\nvcod.dll
2010-07-10 23:11:49 ----D---- C:\Windows\system32\catroot2
2010-07-10 22:57:40 ----D---- C:\Windows\SoftwareDistribution
2010-07-10 11:14:44 ----D---- C:\Users\Jirka\AppData\Roaming\Malwarebytes
2010-07-10 11:14:37 ----D---- C:\ProgramData\Malwarebytes
2010-07-10 00:26:02 ----HD---- C:\Autorun.inf
2010-07-10 00:16:25 ----D---- C:\ProgramData\GroupPolicy
2010-07-09 22:18:47 ----A---- C:\Windows\CompatibilityIssues.txt
2010-07-09 20:19:19 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-07-09 20:17:26 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-07-09 20:17:14 ----RHD---- C:\MSOCache
2010-07-09 20:06:06 ----A---- C:\Windows\KMSAct.exe
2010-07-09 19:48:18 ----D---- C:\Windows\PCHEALTH
2010-07-09 19:46:15 ----D---- C:\Program Files (x86)\Microsoft Office
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvvsvc.exe
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvsvcr.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvsvc64.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvmctray.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvhotkey.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvcpl.dll
2010-07-09 13:19:02 ----SHD---- C:\Config.Msi
2010-07-09 01:36:00 ----A---- C:\Windows\ATKPF.ini
======List of files/folders modified in the last 1 months======
2010-08-08 11:02:11 ----D---- C:\Windows\Prefetch
2010-08-08 11:02:02 ----D---- C:\Windows\Temp
2010-08-08 10:59:35 ----RSHD---- C:\Program Files (x86)
2010-08-08 10:56:53 ----D---- C:\Windows\system32\LogFiles
2010-08-08 10:56:53 ----D---- C:\Windows
2010-08-08 10:53:51 ----D---- C:\Windows\inf
2010-08-08 10:53:51 ----AD---- C:\Windows\System32
2010-08-08 10:53:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-08 10:52:47 ----D---- C:\Windows\system32\config
2010-08-08 10:50:02 ----D---- C:\Windows\system32\Tasks
2010-08-07 22:43:04 ----D---- C:\Users\Jirka\AppData\Roaming\BITS
2010-08-07 14:52:18 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-08-07 13:26:09 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2010-08-07 11:48:22 ----HD---- C:\Program Files (x86)\Temp
2010-08-07 11:48:09 ----D---- C:\Windows\SysWOW64
2010-08-07 11:48:09 ----D---- C:\Windows\system32\drivers
2010-08-07 11:48:08 ----D---- C:\Windows\system32\catroot
2010-08-07 11:48:05 ----D---- C:\Windows\system32\DriverStore
2010-08-07 11:47:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-06 20:10:58 ----SHD---- C:\System Volume Information
2010-08-06 20:10:20 ----D---- C:\Windows\system32\drivers\etc
2010-08-06 20:00:07 ----D---- C:\Windows\winsxs
2010-08-06 19:58:49 ----D---- C:\Users\Jirka\AppData\Roaming\ICQ
2010-08-01 09:36:11 ----A---- C:\Windows\system32\AutoRunFilter.ini
2010-07-31 18:32:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-31 18:17:38 ----AD---- C:\ProgramData\Temp
2010-07-31 18:15:20 ----HD---- C:\Windows\SYSWOW64\drivers
2010-07-31 10:16:13 ----D---- C:\Users\Jirka\AppData\Roaming\dvdcss
2010-07-26 16:02:21 ----SHD---- C:\Windows\Installer
2010-07-25 17:53:06 ----HD---- C:\ProgramData
2010-07-24 12:32:06 ----RD---- C:\Program Files
2010-07-23 09:54:29 ----RSHD---- C:\Program Files (x86)\_scott_cmsn
2010-07-22 08:40:10 ----A---- C:\Windows\system32\ServiceFilter.ini
2010-07-19 00:36:56 ----D---- C:\ProgramData\PlatinumHideIP
2010-07-18 11:29:09 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2010-07-17 21:53:05 ----D---- C:\ProgramData\Apple Computer
2010-07-14 14:56:37 ----D---- C:\Program Files (x86)\Windows Media Player
2010-07-14 14:12:16 ----D---- C:\Windows\SYSWOW64\en-US
2010-07-14 13:52:21 ----D---- C:\Program Files\Windows Media Player
2010-07-14 08:05:55 ----D---- C:\Windows\debug
2010-07-13 21:23:17 ----D---- C:\ProgramData\Microsoft Help
2010-07-13 00:40:02 ----D---- C:\ProgramData\NVIDIA
2010-07-10 22:25:54 ----D---- C:\Windows\Tasks
2010-07-10 21:29:12 ----D---- C:\Users\Jirka\AppData\Roaming\Mozilla
2010-07-10 15:48:33 ----RSD---- C:\Windows\Fonts
2010-07-10 14:34:17 ----RSD---- C:\Windows\assembly
2010-07-10 14:34:17 ----D---- C:\Windows\system32\wfp
2010-07-10 14:34:17 ----D---- C:\Windows\system32\cs-CZ
2010-07-10 14:34:17 ----D---- C:\Windows\ehome
2010-07-10 14:34:15 ----D---- C:\Windows\system32\wbem
2010-07-10 14:33:29 ----D---- C:\Windows\SYSWOW64\wbem
2010-07-10 14:33:29 ----D---- C:\Windows\SYSWOW64\migration
2010-07-10 14:33:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-07-10 14:33:29 ----D---- C:\Windows\PolicyDefinitions
2010-07-10 14:33:28 ----D---- C:\Program Files\DVD Maker
2010-07-10 14:33:24 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-10 14:33:21 ----D---- C:\Users\Jirka\AppData\Roaming\GHISLER
2010-07-10 14:33:21 ----D---- C:\ProgramData\P4G
2010-07-10 14:33:20 ----D---- C:\ProgramData\FLEXnet
2010-07-10 14:33:03 ----D---- C:\Windows\registration
2010-07-10 14:32:44 ----D---- C:\Windows\Microsoft.NET
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvwgf2umx.dll
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvcod1922.dll
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvapi64.dll
2010-07-10 00:06:50 ----D---- C:\Program Files\Internet Explorer
2010-07-09 20:19:19 ----D---- C:\Program Files (x86)\Common Files
2010-07-09 20:19:10 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-09 20:19:10 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-07-09 20:18:21 ----SD---- C:\ProgramData\Microsoft
2010-07-09 20:18:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-09 20:17:42 ----A---- C:\Windows\win.ini
2010-07-09 20:17:30 ----D---- C:\Windows\ShellNew
2010-07-09 20:08:42 ----D---- C:\Program Files\Common Files
2010-07-09 20:08:12 ----D---- C:\Program Files\Common Files\System
2010-07-09 00:44:39 ----A---- C:\Windows\system32\Defrag.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-07-30 241696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-02-02 254496]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-02 834544]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251); C:\Windows\system32\DRIVERS\tdrpm251.sys [2010-02-02 1455648]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-02-02 929312]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM; C:\Windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2010-03-02 2103336]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S2 Mswam;Windows Aplication Manager; \??\C:\Users\Jirka\AppData\Roaming\Mswam.sys []
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-12 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2009-08-28 21504]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 117152]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-10-26 38944]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-11-03 29696]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-04-19 50688]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2009-12-14 829216]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2009-11-06 276584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 O&O Defrag;O&O Defrag; D:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 2287360]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-08-07 66872]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-16 185640]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-11-06 282728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 654112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2009-11-15 13080]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 42336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-02 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-02 655624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-01-04 244904]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
Run by Jirka at 2010-08-08 11:02:01
Microsoft Windows 7 Ultimate
System drive C: has 9 GB (17%) free of 53 GB
Total RAM: 4095 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:11, on 8.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
D:\Program Files\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
D:\Program Files\DAEMON Tools\DTLite.exe
D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\AsScrPro.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\Jirka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ\ICQ7.2\ICQ.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Služba Plánovač2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe" /StartService
"D:\Program Files\OO Software\Defrag\oodag.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe" /StartService
C:\Windows\System32\svchost.exe -k WerSvcGroup
"D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe"
"taskhost.exe"
taskeng.exe {910E47D2-954E-48C3-B4B7-8B8B45F20183}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"D:\Program Files\Advanced SystemCare 3\AWC.exe" /startup
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
Atouch64.exe
"D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"D:\Program Files\DAEMON Tools\DTLite.exe" -autorun
"D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
ATKOSD.exe
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
KBFiltr.exe
WDC.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"D:\Program Files\iTunes\iTunesHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" gpureading
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\AsScrPro.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"D:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Jirka\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\Windows 7 Manager Live Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-06-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Jirka\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\bin\jp2ssv.dll [2010-06-19 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-08-12 323072]
"egui"=D:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2839840]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools\DTLite.exe [2010-04-01 357696]
"SmartRAM"=D:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe [2010-07-02 198864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Služba Plánovač2]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2009-12-14 377600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-02-02 3058304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
D:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 3832064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-07-14 115200]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0x00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\FlashGet\FlashGet3.exe"="D:\Program Files\FlashGet\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-08 11:02:01 ----D---- C:\rsit
2010-08-07 14:30:10 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2010-08-07 11:48:09 ----D---- C:\Windows\SYSWOW64\RTCOM
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtPgEx64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2010-08-07 11:47:54 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkCfg64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkAPO64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RtkApi64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEP64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEL64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEEG64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTEED64A.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RTCOM64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DHT64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RP3DAA64.dll
2010-08-07 11:47:53 ----A---- C:\Windows\system32\RCoInst64.dll
2010-08-07 11:47:45 ----A---- C:\Windows\system32\FMAPO64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAR64.dll
2010-08-07 11:47:44 ----A---- C:\Windows\system32\AERTAC64.dll
2010-08-07 11:47:42 ----A---- C:\Windows\RtlExUpd.dll
2010-08-06 19:47:53 ----A---- C:\Windows\system32\shell32.dll
2010-08-06 19:47:52 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-31 18:15:20 ----D---- C:\Windows\SYSWOW64\drivers\down
2010-07-30 19:35:05 ----D---- C:\Program Files (x86)\trend micro
2010-07-25 17:53:06 ----D---- C:\ProgramData\ESET
2010-07-24 12:32:06 ----D---- C:\Program Files\iPod
2010-07-24 12:32:05 ----D---- C:\Program Files\iTunes
2010-07-22 00:17:34 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2010-07-17 21:53:05 ----D---- C:\Program Files (x86)\QuickTime
2010-07-13 20:27:26 ----A---- C:\Windows\system32\cdd.dll
2010-07-13 00:27:24 ----A---- C:\Windows\system32\nvhdap64.dll
2010-07-13 00:27:24 ----A---- C:\Windows\system32\nvapo64v.dll
2010-07-13 00:27:24 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2010-07-13 00:27:02 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-07-13 00:26:59 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2010-07-13 00:26:59 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2010-07-13 00:26:59 ----A---- C:\Windows\system32\OpenCL.dll
2010-07-13 00:26:57 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2010-07-13 00:26:57 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2010-07-13 00:26:57 ----A---- C:\Windows\system32\nvoglv64.dll
2010-07-13 00:26:57 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-07-13 00:26:53 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2010-07-13 00:26:53 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2010-07-13 00:26:53 ----A---- C:\Windows\system32\nvcuvid.dll
2010-07-13 00:26:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2010-07-13 00:26:50 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2010-07-13 00:26:50 ----A---- C:\Windows\system32\nvcuda.dll
2010-07-13 00:26:47 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2010-07-13 00:26:47 ----A---- C:\Windows\system32\nvcompiler.dll
2010-07-13 00:26:47 ----A---- C:\Windows\system32\nvcod.dll
2010-07-10 23:11:49 ----D---- C:\Windows\system32\catroot2
2010-07-10 22:57:40 ----D---- C:\Windows\SoftwareDistribution
2010-07-10 11:14:44 ----D---- C:\Users\Jirka\AppData\Roaming\Malwarebytes
2010-07-10 11:14:37 ----D---- C:\ProgramData\Malwarebytes
2010-07-10 00:26:02 ----HD---- C:\Autorun.inf
2010-07-10 00:16:25 ----D---- C:\ProgramData\GroupPolicy
2010-07-09 22:18:47 ----A---- C:\Windows\CompatibilityIssues.txt
2010-07-09 20:19:19 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2010-07-09 20:17:26 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2010-07-09 20:17:14 ----RHD---- C:\MSOCache
2010-07-09 20:06:06 ----A---- C:\Windows\KMSAct.exe
2010-07-09 19:48:18 ----D---- C:\Windows\PCHEALTH
2010-07-09 19:46:15 ----D---- C:\Program Files (x86)\Microsoft Office
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvvsvc.exe
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvsvcr.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvsvc64.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvmctray.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvhotkey.dll
2010-07-09 16:17:18 ----A---- C:\Windows\system32\nvcpl.dll
2010-07-09 13:19:02 ----SHD---- C:\Config.Msi
2010-07-09 01:36:00 ----A---- C:\Windows\ATKPF.ini
======List of files/folders modified in the last 1 months======
2010-08-08 11:02:11 ----D---- C:\Windows\Prefetch
2010-08-08 11:02:02 ----D---- C:\Windows\Temp
2010-08-08 10:59:35 ----RSHD---- C:\Program Files (x86)
2010-08-08 10:56:53 ----D---- C:\Windows\system32\LogFiles
2010-08-08 10:56:53 ----D---- C:\Windows
2010-08-08 10:53:51 ----D---- C:\Windows\inf
2010-08-08 10:53:51 ----AD---- C:\Windows\System32
2010-08-08 10:53:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-08 10:52:47 ----D---- C:\Windows\system32\config
2010-08-08 10:50:02 ----D---- C:\Windows\system32\Tasks
2010-08-07 22:43:04 ----D---- C:\Users\Jirka\AppData\Roaming\BITS
2010-08-07 14:52:18 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-08-07 13:26:09 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2010-08-07 11:48:22 ----HD---- C:\Program Files (x86)\Temp
2010-08-07 11:48:09 ----D---- C:\Windows\SysWOW64
2010-08-07 11:48:09 ----D---- C:\Windows\system32\drivers
2010-08-07 11:48:08 ----D---- C:\Windows\system32\catroot
2010-08-07 11:48:05 ----D---- C:\Windows\system32\DriverStore
2010-08-07 11:47:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-06 20:10:58 ----SHD---- C:\System Volume Information
2010-08-06 20:10:20 ----D---- C:\Windows\system32\drivers\etc
2010-08-06 20:00:07 ----D---- C:\Windows\winsxs
2010-08-06 19:58:49 ----D---- C:\Users\Jirka\AppData\Roaming\ICQ
2010-08-01 09:36:11 ----A---- C:\Windows\system32\AutoRunFilter.ini
2010-07-31 18:32:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-31 18:17:38 ----AD---- C:\ProgramData\Temp
2010-07-31 18:15:20 ----HD---- C:\Windows\SYSWOW64\drivers
2010-07-31 10:16:13 ----D---- C:\Users\Jirka\AppData\Roaming\dvdcss
2010-07-26 16:02:21 ----SHD---- C:\Windows\Installer
2010-07-25 17:53:06 ----HD---- C:\ProgramData
2010-07-24 12:32:06 ----RD---- C:\Program Files
2010-07-23 09:54:29 ----RSHD---- C:\Program Files (x86)\_scott_cmsn
2010-07-22 08:40:10 ----A---- C:\Windows\system32\ServiceFilter.ini
2010-07-19 00:36:56 ----D---- C:\ProgramData\PlatinumHideIP
2010-07-18 11:29:09 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2010-07-17 21:53:05 ----D---- C:\ProgramData\Apple Computer
2010-07-14 14:56:37 ----D---- C:\Program Files (x86)\Windows Media Player
2010-07-14 14:12:16 ----D---- C:\Windows\SYSWOW64\en-US
2010-07-14 13:52:21 ----D---- C:\Program Files\Windows Media Player
2010-07-14 08:05:55 ----D---- C:\Windows\debug
2010-07-13 21:23:17 ----D---- C:\ProgramData\Microsoft Help
2010-07-13 00:40:02 ----D---- C:\ProgramData\NVIDIA
2010-07-10 22:25:54 ----D---- C:\Windows\Tasks
2010-07-10 21:29:12 ----D---- C:\Users\Jirka\AppData\Roaming\Mozilla
2010-07-10 15:48:33 ----RSD---- C:\Windows\Fonts
2010-07-10 14:34:17 ----RSD---- C:\Windows\assembly
2010-07-10 14:34:17 ----D---- C:\Windows\system32\wfp
2010-07-10 14:34:17 ----D---- C:\Windows\system32\cs-CZ
2010-07-10 14:34:17 ----D---- C:\Windows\ehome
2010-07-10 14:34:15 ----D---- C:\Windows\system32\wbem
2010-07-10 14:33:29 ----D---- C:\Windows\SYSWOW64\wbem
2010-07-10 14:33:29 ----D---- C:\Windows\SYSWOW64\migration
2010-07-10 14:33:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-07-10 14:33:29 ----D---- C:\Windows\PolicyDefinitions
2010-07-10 14:33:28 ----D---- C:\Program Files\DVD Maker
2010-07-10 14:33:24 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-10 14:33:21 ----D---- C:\Users\Jirka\AppData\Roaming\GHISLER
2010-07-10 14:33:21 ----D---- C:\ProgramData\P4G
2010-07-10 14:33:20 ----D---- C:\ProgramData\FLEXnet
2010-07-10 14:33:03 ----D---- C:\Windows\registration
2010-07-10 14:32:44 ----D---- C:\Windows\Microsoft.NET
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvwgf2umx.dll
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvcod1922.dll
2010-07-10 00:38:00 ----A---- C:\Windows\system32\nvapi64.dll
2010-07-10 00:06:50 ----D---- C:\Program Files\Internet Explorer
2010-07-09 20:19:19 ----D---- C:\Program Files (x86)\Common Files
2010-07-09 20:19:10 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-09 20:19:10 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-07-09 20:18:21 ----SD---- C:\ProgramData\Microsoft
2010-07-09 20:18:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-09 20:17:42 ----A---- C:\Windows\win.ini
2010-07-09 20:17:30 ----D---- C:\Windows\ShellNew
2010-07-09 20:08:42 ----D---- C:\Program Files\Common Files
2010-07-09 20:08:12 ----D---- C:\Program Files\Common Files\System
2010-07-09 00:44:39 ----A---- C:\Windows\system32\Defrag.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-07-30 241696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-02-02 254496]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-02 834544]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251); C:\Windows\system32\DRIVERS\tdrpm251.sys [2010-02-02 1455648]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-02-02 929312]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM; C:\Windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2010-03-02 2103336]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S2 Mswam;Windows Aplication Manager; \??\C:\Users\Jirka\AppData\Roaming\Mswam.sys []
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-12 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2009-08-28 21504]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 117152]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-10-26 38944]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-11-03 29696]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-04-19 50688]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2009-12-14 829216]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ekrn;ESET Service; D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
R2 nTuneService;Performance Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2009-11-06 276584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 O&O Defrag;O&O Defrag; D:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 2287360]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-08-07 66872]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-16 185640]
R2 UpdateCenterService;Update Center Service; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-11-06 282728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 654112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2009-11-15 13080]
S3 EhttpSrv;ESET HTTP Server; D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 42336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-02 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-02 655624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-01-04 244904]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
Re: Prosím o kontrolu logu
Otevrete si poznamkovy blok
- Start->spustit->notepad
- Vlozte text nize
Kód: Vybrat vše
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=- "iTunesHelper"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]- Soubor ulozte jako oprava.reg
- Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
- Zavrit notepad a spustit oprava.reg
- Pripadny dotaz na zmenu registru potvrdte
- Okno jen problikne a opravi regsitry - soubor muzete smazat
Jinak log vypada OK "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu
Ok, hotovo. Pokud je třeba ještě něco -log atd., tak sem s tím, co udělat
Pokud ne, tak moc díky za pomoc
Pokud ne, tak moc díky za pomoc
Přispějete na provoz fóra?