tretia cast
========== Files - Modified Within 30 Days ==========
[2011.02.03 19:48:42 | 000,000,668 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011.02.03 17:53:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.03 17:53:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.03 17:46:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.02.03 17:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.03 17:46:10 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.03 10:31:39 | 000,309,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.03 10:18:54 | 000,001,298 | ---- | M] () -- C:\Users\IlegaliTy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
[2011.02.02 23:15:56 | 020,364,702 | ---- | M] () -- C:\Users\IlegaliTy\Documents\vlc-1.1.7-win32.exe
[2011.02.02 20:00:49 | 000,007,672 | ---- | M] () -- C:\Users\IlegaliTy\AppData\Local\Resmon.ResmonCfg
[2011.02.01 12:35:40 | 000,001,980 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\CrystalDiskInfo.lnk
[2011.01.31 08:38:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.31 08:20:10 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.31 08:20:10 | 000,622,946 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.01.31 08:20:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.31 08:20:10 | 000,121,590 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.01.31 08:20:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.31 00:10:50 | 000,000,146 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\Ovládací panel NVIDIA - odkaz.lnk
[2011.01.30 17:28:29 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.01.30 17:28:29 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.01.30 17:28:29 | 000,122,968 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.01.30 17:28:29 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.01.30 17:25:42 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\F1 2010.lnk
[2011.01.30 11:20:38 | 000,000,432 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\Jednotka CD.lnk
[2011.01.30 11:04:39 | 000,001,291 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\deadspace2.exe.lnk
[2011.01.30 10:23:38 | 000,000,460 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\Maxell (N).lnk
[2011.01.29 20:05:04 | 000,073,216 | ---- | M] (KelSat Presents) -- C:\Users\IlegaliTy\Desktop\Dead_Space_2_V1.0_Plus_9_Trainer_By_KelSat.exe
[2011.01.27 18:29:39 | 000,001,258 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\Mxreflex.lnk
[2011.01.27 18:27:16 | 000,001,466 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\deadspace.exe.lnk
[2011.01.25 21:34:29 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.01.25 17:36:29 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Nail'd.lnk
[2011.01.25 13:54:06 | 000,000,000 | ---- | M] () -- C:\Windows\XXLGSC
[2011.01.25 13:36:24 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.01.24 19:29:57 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2011.01.24 19:29:57 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2011.01.24 18:10:32 | 000,000,318 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\CZShare Manager.appref-ms
[2011.01.24 16:42:44 | 000,102,577 | ---- | M] () -- C:\Users\IlegaliTy\Documents\desktop_91838729.ico
[2011.01.24 12:39:48 | 000,847,418 | ---- | M] () -- C:\Users\IlegaliTy\Documents\konto upc.jpg
[2011.01.24 09:24:10 | 000,002,455 | ---- | M] () -- C:\Windows\TRNCOM.INI
[2011.01.23 22:55:42 | 001,004,072 | ---- | M] (Magical Jelly Bean ) -- C:\Users\IlegaliTy\Desktop\KeyFinderInstaller.exe
[2011.01.23 22:23:45 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.01.23 17:07:19 | 055,204,688 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\launch.exe
[2011.01.23 12:14:44 | 000,581,632 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\MAILTRAN.EXE
[2011.01.23 11:46:19 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.23 10:21:32 | 000,001,351 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\Sticky Notes.lnk
[2011.01.22 21:32:43 | 000,832,273 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\RSITx64.exe
[2011.01.22 21:25:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.01.22 21:25:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.01.22 21:25:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.01.22 21:25:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.01.22 21:17:14 | 000,000,480 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\WINXP (C).lnk
[2011.01.22 21:17:12 | 000,000,455 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\WINXP (I).lnk
[2011.01.22 20:52:04 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011.01.22 20:52:01 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011.01.22 20:52:01 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011.01.22 20:52:01 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011.01.22 20:52:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2011.01.22 20:52:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2011.01.22 17:09:30 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.01.22 16:24:20 | 000,000,930 | ---- | M] () -- C:\Users\IlegaliTy\Desktop\Downloads.lnk
[2011.01.22 14:19:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.01.22 13:26:34 | 000,000,012 | RHS- | M] () -- C:\win7.ld
[2011.01.22 13:26:33 | 000,203,464 | RHS- | M] () -- C:\grldr
[2011.01.22 13:19:36 | 000,061,655 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.01.22 13:19:36 | 000,061,655 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.01.22 13:16:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.01.22 13:13:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.01.22 13:13:17 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2011.01.22 12:20:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.01.22 12:20:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.01.22 12:20:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011.01.22 12:16:56 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.02.03 19:48:42 | 000,000,668 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011.02.03 10:28:32 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.02.03 10:18:54 | 000,001,298 | ---- | C] () -- C:\Users\IlegaliTy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
[2011.02.02 23:15:37 | 020,364,702 | ---- | C] () -- C:\Users\IlegaliTy\Documents\vlc-1.1.7-win32.exe
[2011.02.01 12:35:40 | 000,001,980 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\CrystalDiskInfo.lnk
[2011.01.31 08:38:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.31 00:10:50 | 000,000,146 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\Ovládací panel NVIDIA - odkaz.lnk
[2011.01.30 17:25:42 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\F1 2010.lnk
[2011.01.30 11:20:38 | 000,000,432 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\Jednotka CD.lnk
[2011.01.30 10:23:38 | 000,000,460 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\Maxell (N).lnk
[2011.01.29 18:58:55 | 000,001,291 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\deadspace2.exe.lnk
[2011.01.27 18:29:41 | 000,001,258 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\Mxreflex.lnk
[2011.01.27 18:27:17 | 000,001,466 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\deadspace.exe.lnk
[2011.01.26 21:36:32 | 000,007,672 | ---- | C] () -- C:\Users\IlegaliTy\AppData\Local\Resmon.ResmonCfg
[2011.01.25 17:36:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Nail'd.lnk
[2011.01.25 13:36:24 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.01.24 19:29:57 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2011.01.24 19:29:57 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2011.01.24 18:10:32 | 000,000,318 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\CZShare Manager.appref-ms
[2011.01.24 16:44:20 | 000,102,577 | ---- | C] () -- C:\Users\IlegaliTy\Documents\desktop_91838729.ico
[2011.01.24 13:04:40 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programy\TuneUp Utilities 2011
[2011.01.24 12:39:48 | 000,847,418 | ---- | C] () -- C:\Users\IlegaliTy\Documents\konto upc.jpg
[2011.01.24 12:38:59 | 000,000,000 | ---- | C] () -- C:\Users\IlegaliTy\Sti_Trace.log
[2011.01.23 22:18:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.01.23 17:05:23 | 055,204,688 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\launch.exe
[2011.01.23 12:14:44 | 000,581,632 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\MAILTRAN.EXE
[2011.01.23 11:46:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.23 10:21:32 | 000,001,351 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\Sticky Notes.lnk
[2011.01.22 22:32:09 | 000,000,000 | ---- | C] () -- C:\Windows\XXLGSC
[2011.01.22 22:30:43 | 000,002,455 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2011.01.22 21:32:43 | 000,832,273 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\RSITx64.exe
[2011.01.22 21:17:14 | 000,000,480 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\WINXP (C).lnk
[2011.01.22 21:17:12 | 000,000,455 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\WINXP (I).lnk
[2011.01.22 17:43:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.01.22 17:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.01.22 17:14:49 | 000,266,828 | ---- | C] () -- C:\Windows\SysNative\drivers\LVAFT.cfg
[2011.01.22 17:14:49 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2011.01.22 17:09:30 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.01.22 16:35:48 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.01.22 16:35:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.01.22 16:35:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.01.22 16:35:48 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.01.22 16:35:48 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.01.22 16:35:48 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.01.22 16:35:48 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.01.22 16:35:48 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2011.01.22 16:35:48 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.01.22 16:35:48 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2011.01.22 16:35:48 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2011.01.22 16:35:48 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2011.01.22 16:35:48 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2011.01.22 16:35:48 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2011.01.22 16:35:48 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2011.01.22 16:35:48 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2011.01.22 16:35:48 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2011.01.22 16:35:48 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2011.01.22 16:35:48 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2011.01.22 16:35:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.01.22 16:35:48 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2011.01.22 16:35:48 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2011.01.22 16:35:48 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.01.22 16:35:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.01.22 16:35:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.01.22 16:35:48 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.01.22 16:35:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.01.22 16:35:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.01.22 16:35:48 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.01.22 16:35:48 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.01.22 16:35:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.01.22 16:35:48 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.01.22 14:19:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.01.22 13:28:26 | 000,001,409 | ---- | C] () -- C:\Users\IlegaliTy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.01.22 13:28:18 | 000,001,443 | ---- | C] () -- C:\Users\IlegaliTy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.01.22 13:28:16 | 000,000,930 | ---- | C] () -- C:\Users\IlegaliTy\Desktop\Downloads.lnk
[2011.01.22 13:26:34 | 000,000,012 | RHS- | C] () -- C:\win7.ld
[2011.01.22 13:26:33 | 000,203,464 | RHS- | C] () -- C:\grldr
[2011.01.22 13:19:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.01.22 13:19:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.01.22 13:16:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.01.22 13:14:26 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
[2011.01.22 13:13:17 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK
[2011.01.22 13:07:45 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved
[2011.01.22 13:03:17 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011.01.22 13:03:13 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011.01.22 12:20:53 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.01.22 12:20:53 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.01.22 12:20:53 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2011.01.22 21:05:30 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Ashampoo
[2011.01.22 21:40:52 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\DAEMON Tools Lite
[2011.01.22 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\ESET
[2011.01.23 12:19:18 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\LangSoft
[2011.01.22 17:15:11 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Leadertech
[2011.01.22 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\MotionDSP
[2011.02.03 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\OpenCandy
[2011.01.24 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\TuneUp Software
[2009.07.14 06:08:49 | 000,021,148 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.01.22 22:32:41 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Adobe
[2011.01.22 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Ahead
[2011.01.23 22:20:02 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Apple Computer
[2011.01.22 21:05:30 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Ashampoo
[2011.01.22 21:40:52 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\DAEMON Tools Lite
[2011.01.22 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\ESET
[2011.01.22 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Identities
[2011.01.22 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\InstallShield
[2011.01.23 12:19:18 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\LangSoft
[2011.01.22 17:15:11 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Leadertech
[2011.01.22 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Macromedia
[2011.01.22 21:32:11 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Malwarebytes
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Media Center Programs
[2011.02.03 10:19:50 | 000,000,000 | --SD | M] -- C:\Users\IlegaliTy\AppData\Roaming\Microsoft
[2011.01.22 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\MotionDSP
[2011.01.22 13:35:48 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Mozilla
[2011.02.03 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\OpenCandy
[2011.01.22 20:55:43 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Real
[2011.02.02 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\Skype
[2011.02.02 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\skypePM
[2011.01.24 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\TuneUp Software
[2011.02.02 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\vlc
[2011.01.22 17:03:17 | 000,000,000 | ---D | M] -- C:\Users\IlegaliTy\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2011.02.03 19:48:41 | 000,356,576 | ---- | M] () -- C:\Users\IlegaliTy\AppData\Roaming\OpenCandy\OpenCandy_9F6A205636774D98B123DCA8BBFD9ADC\LatestDLMgr.exe
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\SysWOW64\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010.06.14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:890CC2F3
< End of report >
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosim o kontrolu
Můžete se mi kouknout od této složky?
C:\Windows\XXLGSC
C:\Windows\XXLGSC
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu
Je to prazdne.
Re: Prosim o kontrolu
Spustte OTL-do bílého okna dole skopírujte tento skript:
Kód: Vybrat vše
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:890CC2F3
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Windows\XXLGSC
C:\Windows\SysWow64\ezsidmv.dat
:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde
Ještě otestujte na www.virustotal.comC:\Users\IlegaliTy\AppData\Roaming\OpenCandy\OpenCandy_9F6A205636774D98B123DCA8BBFD9ADC\LatestDLMgr.exe
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu
http://www.virustotal.com/file-scan/rep ... 1294499859
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\ProgramData\TEMP:890CC2F3 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP71B6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\777169c2f599f89b738661f3da6ffdc7\BITBFAA.tmp moved successfully.
C:\WINDOWS\System32\tmpA459.tmp moved successfully.
C:\WINDOWS\System32\tmpA45A.tmp moved successfully.
C:\WINDOWS\System32\tmpA987.tmp moved successfully.
C:\WINDOWS\System32\tmpA988.tmp moved successfully.
C:\WINDOWS\System32\tmpEDF7.tmp moved successfully.
C:\WINDOWS\System32\tmpEDF8.tmp moved successfully.
C:\WINDOWS\Temp\HTT1409.tmp moved successfully.
C:\WINDOWS\Temp\HTT4105.tmp moved successfully.
C:\Windows\XXLGSC moved successfully.
C:\Windows\SysWow64\ezsidmv.dat moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: IlegaliTy
->Temp folder emptied: 112234850 bytes
->Temporary Internet Files folder emptied: 65183925 bytes
->Java cache emptied: 28854 bytes
->FireFox cache emptied: 62116363 bytes
->Flash cache emptied: 3580 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2016976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 3898993989 bytes
Total Files Cleaned = 3 949,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: IlegaliTy
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02062011_113022
Files\Folders moved on Reboot...
C:\Users\IlegaliTy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\ProgramData\TEMP:890CC2F3 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP71B6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\777169c2f599f89b738661f3da6ffdc7\BITBFAA.tmp moved successfully.
C:\WINDOWS\System32\tmpA459.tmp moved successfully.
C:\WINDOWS\System32\tmpA45A.tmp moved successfully.
C:\WINDOWS\System32\tmpA987.tmp moved successfully.
C:\WINDOWS\System32\tmpA988.tmp moved successfully.
C:\WINDOWS\System32\tmpEDF7.tmp moved successfully.
C:\WINDOWS\System32\tmpEDF8.tmp moved successfully.
C:\WINDOWS\Temp\HTT1409.tmp moved successfully.
C:\WINDOWS\Temp\HTT4105.tmp moved successfully.
C:\Windows\XXLGSC moved successfully.
C:\Windows\SysWow64\ezsidmv.dat moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: IlegaliTy
->Temp folder emptied: 112234850 bytes
->Temporary Internet Files folder emptied: 65183925 bytes
->Java cache emptied: 28854 bytes
->FireFox cache emptied: 62116363 bytes
->Flash cache emptied: 3580 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2016976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 3898993989 bytes
Total Files Cleaned = 3 949,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: IlegaliTy
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02062011_113022
Files\Folders moved on Reboot...
C:\Users\IlegaliTy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Prosim o kontrolu
To není ten co jsem chtěla
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu
Skopirujem skript,klik na RUN FIX a po restarte mi da tento log.Co robim zle?.
Re: Prosim o kontrolu
Promiňte, já myslela ten odkaz na virustotal 
. To není ten soubor co jsem chtěla. Musíte do spodního okénka nakopírovat cestu k souboru a dát odeslat.
. To není ten soubor co jsem chtěla. Musíte do spodního okénka nakopírovat cestu k souboru a dát odeslat.Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu
No iny tam nieje.Tak neviem
http://www.virustotal.com/file-scan/rep ... 1294499859
http://www.virustotal.com/file-scan/rep ... 1294499859
Re: Prosim o kontrolu
Testujete skutečně tento soubor?
C:\Users\IlegaliTy\AppData\Roaming\OpenCandy\OpenCandy_9F6A205636774D98B123DCA8BBFD9ADC\LatestDLMgr.exe
C:\Users\IlegaliTy\AppData\Roaming\OpenCandy\OpenCandy_9F6A205636774D98B123DCA8BBFD9ADC\LatestDLMgr.exe
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu
Tak to se omlouvám, na tom virustotalu to tak nevypadalo .
Jak to vypadá s počítačem?
.Jak to vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu
Nic sa nezmenilo.Skusim niekoho zohnat,nech sa s tym pohra a uvidim.
Este raz dakujem za vas cas.
Este raz dakujem za vas cas.
Re: Prosim o kontrolu
Já už opravdu nevím co s tím 
. Dejte pak vědět, jak to dopadlo.
. Dejte pak vědět, jak to dopadlo.Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Prosim o kontrolu
prosim o kontrolu, pocitac je pomaly a vypadava pripojeni k internetu. dekuji.
Logfile of random's system information tool 1.08 (written by random/random)
Run by maja at 2011-02-07 20:50:14
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 3 GB (4%) free of 71 GB
Total RAM: 3000 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:51:07, on 07/02/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\maja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9C5W22Q\RSIT[1].exe
C:\Program Files\trend micro\maja.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: (no name) - {8854ED42-85F6-4F34-8C6E-249F75AD6952} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {097E7337-311D-44FF-A853-3F454FE1A682} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Users\Public\nvsvc32.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslat do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslat do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - (no file)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 7217 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\RegPowerClean.job
C:\Windows\tasks\RPCReminder.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8854ED42-85F6-4F34-8C6E-249F75AD6952}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-16 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-15 142896]
{097E7337-311D-44FF-A853-3F454FE1A682}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-16 149280]
"Wireless Manager"=C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [2008-05-26 585728]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-08-19 630784]
"NVIDIA driver monitor"=C:\Users\Public\nvsvc32.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rocket Dock]
C:\Program Files\RocketDock\RocketDock.exe [2007-08-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe [2007-08-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-15 1830128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideClock"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoFind"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-02-07 20:50:14 ----D---- C:\rsit
2011-02-07 20:50:14 ----D---- C:\Program Files\trend micro
2011-01-10 17:06:33 ----D---- C:\Program Files\Apple Software Update
2011-01-10 17:06:30 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2011-02-07 20:50:25 ----D---- C:\Windows\Prefetch
2011-02-07 20:50:21 ----D---- C:\Windows\Temp
2011-02-07 20:50:14 ----RD---- C:\Program Files
2011-02-07 20:43:19 ----D---- C:\Windows\system32\en-US
2011-02-07 20:43:19 ----D---- C:\Windows\System32
2011-02-07 20:43:15 ----D---- C:\Windows\winsxs
2011-02-07 20:18:43 ----D---- C:\Windows\inf
2011-02-07 20:18:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-07 20:15:42 ----D---- C:\Windows\Tasks
2011-02-07 11:20:25 ----D---- C:\Windows\rescache
2011-02-07 11:03:20 ----SHD---- C:\System Volume Information
2011-01-28 20:34:08 ----D---- C:\Windows\system32\Tasks
2011-01-25 21:06:07 ----D---- C:\Windows
2011-01-25 20:51:21 ----D---- C:\Users\maja\AppData\Roaming\Skype
2011-01-25 20:46:12 ----D---- C:\Users\maja\AppData\Roaming\skypePM
2011-01-13 08:47:32 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-10 17:06:39 ----SHD---- C:\Windows\Installer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-15 18992]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-02-23 715248]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 41456]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-15 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-15 60464]
R3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys [2008-05-26 27072]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-14 2152344]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-08-12 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AffinegyService;AffinegyService; C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe [2008-05-26 143360]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-22 1402272]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S4 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-15 500784]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S4 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe /service []
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-10-15 243056]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by maja at 2011-02-07 20:50:14
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 3 GB (4%) free of 71 GB
Total RAM: 3000 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:51:07, on 07/02/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\maja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9C5W22Q\RSIT[1].exe
C:\Program Files\trend micro\maja.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: (no name) - {8854ED42-85F6-4F34-8C6E-249F75AD6952} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {097E7337-311D-44FF-A853-3F454FE1A682} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Users\Public\nvsvc32.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslat do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslat do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - (no file)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 7217 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\RegPowerClean.job
C:\Windows\tasks\RPCReminder.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8854ED42-85F6-4F34-8C6E-249F75AD6952}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-16 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-15 142896]
{097E7337-311D-44FF-A853-3F454FE1A682}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-16 149280]
"Wireless Manager"=C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [2008-05-26 585728]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-08-19 630784]
"NVIDIA driver monitor"=C:\Users\Public\nvsvc32.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rocket Dock]
C:\Program Files\RocketDock\RocketDock.exe [2007-08-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe [2007-08-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-15 1830128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideClock"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoFind"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-02-07 20:50:14 ----D---- C:\rsit
2011-02-07 20:50:14 ----D---- C:\Program Files\trend micro
2011-01-10 17:06:33 ----D---- C:\Program Files\Apple Software Update
2011-01-10 17:06:30 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 months======
2011-02-07 20:50:25 ----D---- C:\Windows\Prefetch
2011-02-07 20:50:21 ----D---- C:\Windows\Temp
2011-02-07 20:50:14 ----RD---- C:\Program Files
2011-02-07 20:43:19 ----D---- C:\Windows\system32\en-US
2011-02-07 20:43:19 ----D---- C:\Windows\System32
2011-02-07 20:43:15 ----D---- C:\Windows\winsxs
2011-02-07 20:18:43 ----D---- C:\Windows\inf
2011-02-07 20:18:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-07 20:15:42 ----D---- C:\Windows\Tasks
2011-02-07 11:20:25 ----D---- C:\Windows\rescache
2011-02-07 11:03:20 ----SHD---- C:\System Volume Information
2011-01-28 20:34:08 ----D---- C:\Windows\system32\Tasks
2011-01-25 21:06:07 ----D---- C:\Windows
2011-01-25 20:51:21 ----D---- C:\Users\maja\AppData\Roaming\Skype
2011-01-25 20:46:12 ----D---- C:\Users\maja\AppData\Roaming\skypePM
2011-01-13 08:47:32 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-10 17:06:39 ----SHD---- C:\Windows\Installer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-15 18992]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-02-23 715248]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 41456]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-15 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-15 60464]
R3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys [2008-05-26 27072]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-14 2152344]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-08-12 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AffinegyService;AffinegyService; C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe [2008-05-26 143360]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-22 1402272]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S4 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-15 500784]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S4 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe /service []
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-10-15 243056]
-----------------EOF-----------------
Přispějete na provoz fóra?