VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

0 bajtů na C:/ - zpomalení?

https://forum.viry.cz:443/viewtopic.php?t=107319

Stránka 3 z 3

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 12 led 2011 21:33
od Rudy
Pokud se povede OTL, samozřejmě dejte OTL.

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 12 led 2011 23:16
od chvavi
OTL logfile created on: 12.1.2011 22:51:10 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = D:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 1,37 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive D: | 416,93 Gb Total Space | 10,13 Gb Free Space | 2,43% Space Free | Partition Type: NTFS

Computer Name: VÍTEK-PC | User Name: Vítek | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.12.15 10:49:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\OTL.exe


========== Modules (SafeList) ==========

MOD - [2010.12.15 10:49:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.11.17 10:31:46 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.08.21 18:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent)
SRV:64bit: - [2009.07.17 11:23:32 | 002,308,936 | ---- | M] (Agnitum Ltd.) [Auto | Stopped] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.02 00:14:36 | 000,844,328 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2010.12.09 22:39:31 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.05 05:34:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.27 09:07:36 | 000,136,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Aladdin\Aladdin SQL Server\AladdinSQL.exe -- (Aladdin SQL Server)
SRV - [2010.03.20 10:53:33 | 000,186,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.04 19:05:34 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009.12.23 21:55:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.15 23:46:45 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.17 10:36:48 | 001,353,544 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.11.17 10:31:38 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.11.13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.10.14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.03.31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipswuio.sys -- (ipswuio)
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\60851442.sys -- (60851442)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\60851441.sys -- (60851441)
DRV:64bit: - [2010.11.22 12:09:53 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.12.15 13:05:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.15 13:05:42 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.12.15 13:05:42 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
DRV:64bit: - [2009.12.15 02:26:50 | 008,034,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.10.22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\25460162.sys -- (25460162)
DRV:64bit: - [2009.10.22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\09658592.sys -- (09658592)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\25460161.sys -- (25460161)
DRV:64bit: - [2009.09.23 13:55:23 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009.08.23 05:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.08.12 06:45:30 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 13:18:34 | 000,412,696 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)
DRV:64bit: - [2009.07.09 17:57:42 | 000,042,440 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Filt\ASWFilt64.dll -- (ASWFilt)
DRV:64bit: - [2009.07.09 17:56:54 | 000,965,832 | ---- | M] (Agnitum Ltd.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\SandBox64.sys -- (SandBox)
DRV:64bit: - [2009.07.09 09:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.09 04:11:42 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.06.23 02:47:40 | 000,693,248 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2009.06.18 12:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.13 02:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.03.04 22:57:34 | 000,075,088 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SAFDSKNT.SYS -- (SafDskNT)
DRV:64bit: - [2009.02.28 09:09:38 | 000,096,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.02.28 09:09:38 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.02.28 09:09:36 | 000,134,184 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.02.18 17:28:46 | 000,031,768 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (afw)
DRV:64bit: - [2008.12.22 08:05:30 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.10.21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008.10.21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008.10.21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008.10.21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008.10.21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.10.21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008.01.09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.09.05 00:46:56 | 000,203,328 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007.08.03 05:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007.07.24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E8 7B D2 E9 30 CB 01 [binary data]
IE - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: G:\Thunderbird\ThunderbirdPortable\App\thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: G:\Thunderbird\ThunderbirdPortable\App\thunderbird\plugins

[2010.04.14 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\mozilla\Extensions
[2010.04.14 21:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vítek\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.20 10:49:54 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4:64bit: - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [reset] C:\Windows\reset.reg ()
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKU\S-1-5-21-4065397460-1451359186-7655873-1000..\Run: [Outpost User Interface] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.19.5.10 81.19.5.11
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook64.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook64.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4065397460-1451359186-7655873-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.01.12 14:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSite X5 v8 - Evolution2
[2011.01.12 13:39:19 | 000,000,000 | ---D | C] -- C:\Users\Vítek\Desktop\šikotex
[2011.01.12 11:38:16 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011.01.10 12:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.01.10 11:06:26 | 000,000,000 | ---D | C] -- C:\Users\Vítek\Documents\Extensis
[2011.01.10 11:05:04 | 000,000,000 | ---D | C] -- C:\Users\Vítek\Documents\novy_previews
[2011.01.10 11:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Celartem
[2011.01.10 11:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Extensis
[2011.01.10 10:59:30 | 000,000,000 | ---D | C] -- C:\Users\Vítek\AppData\Roaming\Extensis
[2011.01.10 10:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Extensis
[2011.01.09 08:24:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.05 12:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.01.05 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Vítek\AppData\Roaming\Corel
[2011.01.05 11:26:35 | 000,000,000 | ---D | C] -- C:\Users\Vítek\Documents\Corel
[2011.01.05 11:26:12 | 000,000,000 | ---D | C] -- C:\Users\Vítek\Documents\Visual Studio 2008
[2011.01.05 11:26:06 | 000,000,000 | ---D | C] -- C:\Users\Vítek\AppData\Local\Microsoft Help
[2011.01.05 11:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.01.05 11:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011.01.05 11:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.01.05 11:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010.12.16 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TKexe
[2010.12.16 11:16:56 | 031,786,219 | ---- | C] (Torsten Krieg / TKexe, info@tkexe.eu) -- C:\Users\Vítek\Desktop\setup_ca_en.exe
[2010.12.15 10:12:45 | 000,000,000 | ---D | C] -- C:\Users\Vítek\Desktop\mendlak
[2008.08.11 21:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Vítek\*.tmp files -> C:\Users\Vítek\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.12 22:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.12 22:48:38 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\BootTime.ini
[2011.01.12 22:48:32 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2011.01.12 22:45:56 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.12 22:36:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.12 22:36:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.12 22:03:12 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.12 16:17:38 | 001,497,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.12 16:17:38 | 000,639,986 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.01.12 16:17:38 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.12 16:17:38 | 000,126,866 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.01.12 16:17:38 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.12 14:45:08 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\WebSite X5 v8 Evolution.lnk
[2011.01.12 09:38:36 | 000,002,520 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.01.10 14:55:24 | 000,000,081 | ---- | M] () -- C:\Users\Vítek\Documents\launch-portfolio.vbs
[2011.01.10 12:09:49 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.3 64-bit.lnk
[2011.01.10 11:22:56 | 007,831,552 | ---- | M] () -- C:\Users\Vítek\Documents\novy.fdb
[2011.01.10 11:05:10 | 000,000,014 | ---- | M] () -- C:\Users\Vítek\Documents\novy.adm
[2011.01.10 11:00:48 | 000,002,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
[2011.01.10 11:00:48 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Portfolio 8.5.lnk
[2011.01.09 22:01:47 | 000,000,070 | ---- | M] () -- C:\Users\Vítek\Desktop\index.html
[2011.01.06 21:31:54 | 002,305,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.05 19:46:37 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.01.03 10:00:59 | 000,065,850 | ---- | M] () -- C:\Users\Vítek\Desktop\VF7.pdf
[2011.01.02 16:36:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010.12.16 11:17:41 | 000,000,996 | ---- | M] () -- C:\Users\Vítek\Desktop\TKexe.lnk
[2010.12.16 11:17:11 | 031,786,219 | ---- | M] (Torsten Krieg / TKexe, info@tkexe.eu) -- C:\Users\Vítek\Desktop\setup_ca_en.exe
[2010.12.14 14:43:06 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\CEWE prezentace fotografií.lnk
[2010.12.14 14:43:06 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\Fotolab Fotosvet 4.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Vítek\*.tmp files -> C:\Users\Vítek\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.12 14:45:07 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\WebSite X5 v8 Evolution.lnk
[2011.01.10 14:55:24 | 000,000,081 | ---- | C] () -- C:\Users\Vítek\Documents\launch-portfolio.vbs
[2011.01.10 12:09:49 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.3 64-bit.lnk
[2011.01.10 11:04:54 | 000,000,014 | ---- | C] () -- C:\Users\Vítek\Documents\novy.adm
[2011.01.10 11:04:44 | 007,831,552 | ---- | C] () -- C:\Users\Vítek\Documents\novy.fdb
[2011.01.10 11:00:48 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
[2011.01.10 11:00:48 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Portfolio 8.5.lnk
[2011.01.09 21:59:25 | 000,012,695 | ---- | C] () -- C:\Users\Vítek\Desktop\tabla.html
[2011.01.09 21:57:56 | 000,000,070 | ---- | C] () -- C:\Users\Vítek\Desktop\index.html
[2011.01.03 10:00:58 | 000,065,850 | ---- | C] () -- C:\Users\Vítek\Desktop\VF7.pdf
[2010.12.16 11:17:41 | 000,303,104 | ---- | C] () -- C:\Windows\Uninstall_tkexe.exe
[2010.12.16 11:17:41 | 000,000,996 | ---- | C] () -- C:\Users\Vítek\Desktop\TKexe.lnk
[2010.10.15 04:38:26 | 000,000,600 | ---- | C] () -- C:\Users\Vítek\AppData\Roaming\winscp.rnd
[2010.05.16 10:38:37 | 000,000,017 | ---- | C] () -- C:\Users\Vítek\AppData\Local\resmon.resmoncfg
[2010.04.16 22:42:35 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.04.16 22:42:35 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AD761D7EC1.sys
[2010.03.10 10:43:05 | 000,000,005 | ---- | C] () -- C:\Program Files\trl.trl
[2010.03.09 21:20:24 | 000,202,937 | ---- | C] () -- C:\Users\Vítek\AppData\Roaming\mdbu.bin
[2010.02.23 06:57:02 | 000,004,096 | -H-- | C] () -- C:\Users\Vítek\AppData\Local\keyfile3.drm
[2010.02.17 16:55:29 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2010.01.24 23:13:50 | 000,005,632 | ---- | C] () -- C:\Users\Vítek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.29 09:28:06 | 000,000,301 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.12.15 23:39:08 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009.12.15 22:42:20 | 000,000,093 | ---- | C] () -- C:\Users\Vítek\AppData\Local\fusioncache.dat
[2009.12.15 22:40:58 | 001,497,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.15 19:04:23 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.15 18:33:51 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.12.15 18:31:19 | 000,000,088 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2009.12.15 16:37:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009.12.15 16:35:23 | 000,002,107 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2009.12.15 16:35:23 | 000,000,641 | ---- | C] () -- C:\Windows\Remover.ini
[2009.12.15 01:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009.12.15 01:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009.07.31 02:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.09 02:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009.04.08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2007.06.12 09:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files (x86)\Common Files\ASPG_icon.ico
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2009.12.23 22:30:21 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Alchemy Mindworks
[2010.02.01 16:37:30 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Bump Technologies, Inc
[2010.11.28 22:45:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Canon
[2010.01.31 00:34:43 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\ESET
[2011.01.10 11:04:08 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Extensis
[2011.01.10 12:00:04 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\FileZilla
[2010.02.24 22:05:18 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\GHISLER
[2010.03.09 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Happy Foto
[2010.07.06 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\IcoFX
[2010.04.22 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\ICQ
[2010.03.12 12:44:06 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Imagenomic
[2010.04.16 08:22:26 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\inkscape
[2010.06.14 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Jpeg Resampler
[2010.03.29 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Kingston
[2010.04.13 16:59:00 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Miranda
[2010.03.20 10:53:38 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Netscape
[2010.03.08 19:52:50 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Nik Software
[2010.03.22 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Offline Explorer
[2010.07.01 06:03:54 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Opera
[2010.03.20 10:18:44 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Photodex
[2011.01.03 10:01:08 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\PrimoPDF
[2010.02.11 13:10:44 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Registry Mechanic
[2010.03.21 13:13:30 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\SmartDraw
[2010.06.14 11:35:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Stellarium
[2010.07.21 23:01:22 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Telefónica Móviles
[2010.04.14 21:37:24 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Thunderbird
[2009.12.20 10:49:52 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\TomTom
[2009.12.15 23:33:39 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\TuneUp Software
[2011.01.12 11:39:05 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\uTorrent
[2010.01.25 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Zoner
[2010.06.15 14:24:13 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Outpost User Interface" = C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe /tray -- [2009.07.17 11:23:36 | 003,491,144 | ---- | M] (Agnitum Ltd.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 12 led 2011 23:17
od chvavi
< %APPDATA%\*. >
[2011.01.12 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Adobe
[2010.05.13 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Ahead
[2009.12.23 22:30:21 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Alchemy Mindworks
[2010.04.10 21:01:41 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Avira
[2010.02.01 16:37:30 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Bump Technologies, Inc
[2010.11.28 22:45:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Canon
[2011.01.05 12:18:57 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Corel
[2010.01.31 00:34:43 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\ESET
[2011.01.10 11:04:08 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Extensis
[2009.12.24 00:05:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\FastStone
[2011.01.10 12:00:04 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\FileZilla
[2010.02.24 22:05:18 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\GHISLER
[2010.01.25 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Google
[2009.12.15 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\GRETECH
[2010.03.09 20:38:42 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Happy Foto
[2010.07.06 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\IcoFX
[2010.04.22 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\ICQ
[2009.12.15 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Identities
[2010.03.12 12:44:06 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Imagenomic
[2010.04.16 08:22:26 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\inkscape
[2009.12.15 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\InstallShield
[2010.06.14 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Jpeg Resampler
[2010.03.29 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Kingston
[2009.12.15 16:38:09 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Macromedia
[2010.02.25 23:06:04 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Malwarebytes
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Media Center Programs
[2011.01.05 11:26:35 | 000,000,000 | --SD | M] -- C:\Users\Vítek\AppData\Roaming\Microsoft
[2010.04.13 16:59:00 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Miranda
[2010.04.14 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Mozilla
[2010.03.20 10:53:38 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Netscape
[2010.03.08 19:52:50 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Nik Software
[2010.03.22 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Offline Explorer
[2010.07.01 06:03:54 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Opera
[2010.03.20 10:18:44 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Photodex
[2011.01.03 10:01:08 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\PrimoPDF
[2010.10.15 13:24:57 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\PSpad
[2010.02.11 13:10:44 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Registry Mechanic
[2010.12.08 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Skype
[2010.12.08 08:06:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\skypePM
[2010.03.21 13:13:30 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\SmartDraw
[2010.06.14 11:35:46 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Stellarium
[2010.07.21 23:01:22 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Telefónica Móviles
[2010.04.14 21:37:24 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Thunderbird
[2009.12.20 10:49:52 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\TomTom
[2009.12.15 23:33:39 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\TuneUp Software
[2011.01.12 11:39:05 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\uTorrent
[2010.08.20 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Winamp
[2009.12.15 23:40:14 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\WinRAR
[2010.01.25 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\Zoner
[2010.11.28 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\Vítek\AppData\Roaming\ZoomBrowser EX

< %APPDATA%\*.exe /s >
[2007.03.22 11:46:40 | 000,126,976 | ---- | M] () -- C:\Users\Vítek\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2008.09.19 00:19:30 | 000,937,465 | ---- | M] ( ) -- C:\Users\Vítek\AppData\Roaming\Kingston\SecureTraveler.exe
[2008.09.18 14:32:22 | 001,839,104 | -H-- | M] () -- C:\Users\Vítek\AppData\Roaming\Kingston\SecureTravelerA.exe
[2008.09.19 00:05:36 | 003,231,744 | -H-- | M] () -- C:\Users\Vítek\AppData\Roaming\Kingston\SecureTravelerB.exe
[2008.07.18 12:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Users\Vítek\AppData\Roaming\Kingston\SecureTravelerDaemon.exe
[2008.09.18 14:32:22 | 001,839,104 | -H-- | M] () -- C:\Users\Vítek\AppData\Roaming\Kingston\tmp\SecureTravelerA.exe
[2008.09.19 00:05:36 | 003,231,744 | -H-- | M] () -- C:\Users\Vítek\AppData\Roaming\Kingston\tmp\SecureTravelerB.exe
[2008.07.18 12:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Users\Vítek\AppData\Roaming\Kingston\tmp\SecureTravelerDaemon.exe
[2010.06.11 06:46:16 | 020,330,720 | ---- | M] (TomTom International B.V.) -- C:\Users\Vítek\AppData\Roaming\TomTom\HOME\Profiles\8lawul0b.default\Updates\v2_7_4_1962_win.exe


< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTOR.SYS >
[2009.06.04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys


< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\ERDNT\cache64\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.01.12 14:28:24 | 000,002,991 | ---- | M] () -- C:\Windows\SysWOW64\iiSetup.log
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 13 led 2011 19:51
od Rudy
Do spod ího okna zkopírujte:
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"reset"=-

:files
C:\Windows\reset.reg
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
a klikněte na "opravit".

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 13 led 2011 23:11
od chvavi
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\reset deleted successfully.
========== FILES ==========
C:\Windows\reset.reg moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
C:\Windows\system32\SET5E0F.tmp moved successfully.
C:\Windows\system32\SET6272.tmp moved successfully.
C:\Windows\system32\SETAAA8.tmp moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDC89.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDE5E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6A3B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP87A7.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8A89.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8C28.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP96A9.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA5D.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\IH9004.tmp moved successfully.
C:\Windows\Temp\AMW2A98.tmp moved successfully.
C:\Windows\Temp\BIT1352.tmp moved successfully.
C:\Windows\Temp\BIT3AED.tmp moved successfully.
C:\Windows\Temp\BIT3B4B.tmp moved successfully.
C:\Windows\Temp\BIT3E0B.tmp moved successfully.
C:\Windows\Temp\BIT3E4B.tmp moved successfully.
C:\Windows\Temp\BIT3FBD.tmp moved successfully.
C:\Windows\Temp\BIT40C7.tmp moved successfully.
C:\Windows\Temp\BIT44BC.tmp moved successfully.
C:\Windows\Temp\BIT454A.tmp moved successfully.
C:\Windows\Temp\BIT6437.tmp moved successfully.
C:\Windows\Temp\BIT64A5.tmp moved successfully.
C:\Windows\Temp\BIT6825.tmp moved successfully.
C:\Windows\Temp\BIT692F.tmp moved successfully.
C:\Windows\Temp\BIT698D.tmp moved successfully.
C:\Windows\Temp\BIT69FB.tmp moved successfully.
C:\Windows\Temp\BIT6C3B.tmp moved successfully.
C:\Windows\Temp\BIT6CB9.tmp moved successfully.
C:\Windows\Temp\BIT6E33.tmp moved successfully.
C:\Windows\Temp\BIT6EB1.tmp moved successfully.
C:\Windows\Temp\BIT731E.tmp moved successfully.
C:\Windows\Temp\BIT73DA.tmp moved successfully.
C:\Windows\Temp\BIT756F.tmp moved successfully.
C:\Windows\Temp\BIT75CE.tmp moved successfully.
C:\Windows\Temp\BIT75ED.tmp moved successfully.
C:\Windows\Temp\BIT76E7.tmp moved successfully.
C:\Windows\Temp\BIT7ACC.tmp moved successfully.
C:\Windows\Temp\BIT7AFC.tmp moved successfully.
C:\Windows\Temp\BIT800A.tmp moved successfully.
C:\Windows\Temp\BIT8088.tmp moved successfully.
C:\Windows\Temp\BIT80CE.tmp moved successfully.
C:\Windows\Temp\BIT815B.tmp moved successfully.
C:\Windows\Temp\BIT9119.tmp moved successfully.
C:\Windows\Temp\BIT9197.tmp moved successfully.
C:\Windows\Temp\BIT9819.tmp moved successfully.
C:\Windows\Temp\BIT98A7.tmp moved successfully.
C:\Windows\Temp\BITAAD3.tmp moved successfully.
C:\Windows\Temp\BITABBE.tmp moved successfully.
C:\Windows\Temp\BITB12B.tmp moved successfully.
C:\Windows\Temp\BITB17A.tmp moved successfully.
C:\Windows\Temp\BITB1B1.tmp moved successfully.
C:\Windows\Temp\BITB25E.tmp moved successfully.
C:\Windows\Temp\BITC042.tmp moved successfully.
C:\Windows\Temp\BITC14D.tmp moved successfully.
C:\Windows\Temp\BITD4DB.tmp moved successfully.
C:\Windows\Temp\BITD5A6.tmp moved successfully.
C:\Windows\Temp\BITE1B6.tmp moved successfully.
C:\Windows\Temp\BITE292.tmp moved successfully.
C:\Windows\Temp\BITE62D.tmp moved successfully.
C:\Windows\Temp\BITE6DA.tmp moved successfully.
C:\Windows\Temp\BITEF5D.tmp moved successfully.
C:\Windows\Temp\BITEFCB.tmp moved successfully.
C:\Windows\Temp\BITF039.tmp moved successfully.
C:\Windows\Temp\BITF059.tmp moved successfully.
C:\Windows\Temp\BITFE7.tmp moved successfully.
C:\Windows\Temp\Cab2838.tmp moved successfully.
C:\Windows\Temp\Cab2B16.tmp moved successfully.
C:\Windows\Temp\Cab3236.tmp moved successfully.
C:\Windows\Temp\Cab39E4.tmp moved successfully.
C:\Windows\Temp\Cab3D03.tmp moved successfully.
C:\Windows\Temp\Cab4098.tmp moved successfully.
C:\Windows\Temp\Cab41FE.tmp moved successfully.
C:\Windows\Temp\Cab449D.tmp moved successfully.
C:\Windows\Temp\Cab625A.tmp moved successfully.
C:\Windows\Temp\Cab757D.tmp moved successfully.
C:\Windows\Temp\Cab759C.tmp moved successfully.
C:\Windows\Temp\Cab7AAB.tmp moved successfully.
C:\Windows\Temp\Cab8C95.tmp moved successfully.
C:\Windows\Temp\Cab8EB7.tmp moved successfully.
C:\Windows\Temp\CabA17C.tmp moved successfully.
C:\Windows\Temp\CabAC45.tmp moved successfully.
C:\Windows\Temp\CabB3E3.tmp moved successfully.
C:\Windows\Temp\CabBA68.tmp moved successfully.
C:\Windows\Temp\CabC090.tmp moved successfully.
C:\Windows\Temp\CabC62B.tmp moved successfully.
C:\Windows\Temp\CabC8CA.tmp moved successfully.
C:\Windows\Temp\CabCBA7.tmp moved successfully.
C:\Windows\Temp\CabDFA4.tmp moved successfully.
C:\Windows\Temp\CabF98A.tmp moved successfully.
C:\Windows\Temp\RPT1045.tmp moved successfully.
C:\Windows\Temp\RPT1046.tmp moved successfully.
C:\Windows\Temp\RPT13ED.tmp moved successfully.
C:\Windows\Temp\RPT13EE.tmp moved successfully.
C:\Windows\Temp\RPT250C.tmp moved successfully.
C:\Windows\Temp\RPT251D.tmp moved successfully.
C:\Windows\Temp\RPT2847.tmp moved successfully.
C:\Windows\Temp\RPT2848.tmp moved successfully.
C:\Windows\Temp\RPT3504.tmp moved successfully.
C:\Windows\Temp\RPT3514.tmp moved successfully.
C:\Windows\Temp\RPT37C2.tmp moved successfully.
C:\Windows\Temp\RPT37C3.tmp moved successfully.
C:\Windows\Temp\RPT3C73.tmp moved successfully.
C:\Windows\Temp\RPT3C74.tmp moved successfully.
C:\Windows\Temp\RPT3D8C.tmp moved successfully.
C:\Windows\Temp\RPT3D8D.tmp moved successfully.
C:\Windows\Temp\RPT3F6.tmp moved successfully.
C:\Windows\Temp\RPT3F7.tmp moved successfully.
C:\Windows\Temp\RPT4411.tmp moved successfully.
C:\Windows\Temp\RPT4422.tmp moved successfully.
C:\Windows\Temp\RPT448E.tmp moved successfully.
C:\Windows\Temp\RPT448F.tmp moved successfully.
C:\Windows\Temp\RPT4AD4.tmp moved successfully.
C:\Windows\Temp\RPT4AD5.tmp moved successfully.
C:\Windows\Temp\RPT5782.tmp moved successfully.
C:\Windows\Temp\RPT5792.tmp moved successfully.
C:\Windows\Temp\RPT7B1B.tmp moved successfully.
C:\Windows\Temp\RPT7B1C.tmp moved successfully.
C:\Windows\Temp\RPT888.tmp moved successfully.
C:\Windows\Temp\RPT889.tmp moved successfully.
C:\Windows\Temp\RPTB8D5.tmp moved successfully.
C:\Windows\Temp\RPTB8E5.tmp moved successfully.
File move failed. C:\Windows\Temp\RPTBBC0.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\Temp\RPTBBC1.tmp scheduled to be moved on reboot.
C:\Windows\Temp\RPTE964.tmp moved successfully.
C:\Windows\Temp\RPTE965.tmp moved successfully.
C:\Windows\Temp\RPTF085.tmp moved successfully.
C:\Windows\Temp\RPTF086.tmp moved successfully.
C:\Windows\Temp\RPTF7D5.tmp moved successfully.
C:\Windows\Temp\RPTF7D6.tmp moved successfully.
C:\Windows\Temp\RPTFF83.tmp moved successfully.
C:\Windows\Temp\RPTFF84.tmp moved successfully.
C:\Windows\Temp\sdb2AAB.tmp moved successfully.
C:\Windows\Temp\sdb2E60.tmp moved successfully.
C:\Windows\Temp\sdb5247.tmp moved successfully.
C:\Windows\Temp\sdbA3D0.tmp moved successfully.
C:\Windows\Temp\sdbA6BD.tmp moved successfully.
C:\Windows\Temp\sdbB94E.tmp moved successfully.
C:\Windows\Temp\sdbC2D0.tmp moved successfully.
C:\Windows\Temp\sdbC7D3.tmp moved successfully.
C:\Windows\Temp\sdbD77D.tmp moved successfully.
C:\Windows\Temp\sdbDB75.tmp moved successfully.
C:\Windows\Temp\sdbE1D9.tmp moved successfully.
C:\Windows\Temp\SPL1546.tmp moved successfully.
C:\Windows\Temp\SPL7503.tmp moved successfully.
C:\Windows\Temp\SPL83A4.tmp moved successfully.
C:\Windows\Temp\SPL91A9.tmp moved successfully.
C:\Windows\Temp\SPL9C0.tmp moved successfully.
C:\Windows\Temp\SPL9CE4.tmp moved successfully.
C:\Windows\Temp\SPLA29B.tmp moved successfully.
C:\Windows\Temp\SPLB8ED.tmp moved successfully.
C:\Windows\Temp\SPLB966.tmp moved successfully.
C:\Windows\Temp\SPLCF3B.tmp moved successfully.
C:\Windows\Temp\SPLDAEF.tmp moved successfully.
C:\Windows\Temp\SPLE79D.tmp moved successfully.
C:\Windows\Temp\SPLF2F4.tmp moved successfully.
C:\Windows\Temp\SPLFE6A.tmp moved successfully.
C:\Windows\Temp\Tar2848.tmp moved successfully.
C:\Windows\Temp\Tar2B17.tmp moved successfully.
C:\Windows\Temp\Tar3247.tmp moved successfully.
C:\Windows\Temp\Tar3A04.tmp moved successfully.
C:\Windows\Temp\Tar3D04.tmp moved successfully.
C:\Windows\Temp\Tar40B8.tmp moved successfully.
C:\Windows\Temp\Tar421F.tmp moved successfully.
C:\Windows\Temp\Tar44CD.tmp moved successfully.
C:\Windows\Temp\Tar627A.tmp moved successfully.
C:\Windows\Temp\Tar75AC.tmp moved successfully.
C:\Windows\Temp\Tar761A.tmp moved successfully.
C:\Windows\Temp\Tar7B76.tmp moved successfully.
C:\Windows\Temp\Tar8CB5.tmp moved successfully.
C:\Windows\Temp\Tar8F16.tmp moved successfully.
C:\Windows\Temp\TarA17D.tmp moved successfully.
C:\Windows\Temp\TarACE2.tmp moved successfully.
C:\Windows\Temp\TarB403.tmp moved successfully.
C:\Windows\Temp\TarBAB7.tmp moved successfully.
C:\Windows\Temp\TarC0B0.tmp moved successfully.
C:\Windows\Temp\TarC65B.tmp moved successfully.
C:\Windows\Temp\TarC8CB.tmp moved successfully.
C:\Windows\Temp\TarCBA8.tmp moved successfully.
C:\Windows\Temp\TarDFC4.tmp moved successfully.
C:\Windows\Temp\TarF98B.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: ASPNET
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: HomeGroupUser$
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Vítek
->Temp folder emptied: 2001626711 bytes
->Temporary Internet Files folder emptied: 435199592 bytes
->Java cache emptied: 41221630 bytes
->Google Chrome cache emptied: 6171786 bytes
->Opera cache emptied: 3630880 bytes
->Flash cache emptied: 8685 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 705891 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 575488 bytes

Total Files Cleaned = 2 374,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: ASPNET

User: Default

User: Default User

User: Guest

User: HomeGroupUser$

User: Public

User: Vítek
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 01132011_230404

Files\Folders moved on Reboot...
C:\Windows\Temp\RPTBBC0.tmp moved successfully.
C:\Windows\Temp\RPTBBC1.tmp moved successfully.
File\Folder C:\Users\Vítek\AppData\Local\Temp\etilqs_TT3aVeZoIoTZsfmIcpw4 not found!
C:\Users\Vítek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

Registry entries deleted on Reboot...

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 13 led 2011 23:23
od chvavi
Zdá se mi, že stále C:\ klesá. :-(

Po restartu je vetsinou asi 3 minuty vsechno v poradku a pak zacne klesat..

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 14 led 2011 14:42
od chvavi
PŘIKLÁDÁM LOG Z RSIT:






Logfile of random's system information tool 1.08 (written by random/random)
Run by Vítek at 2011-01-14 14:41:20
Microsoft Windows 7 Ultimate
System drive C: has 12 GB (24%) free of 50 GB
Total RAM: 4061 MB (7% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2d4
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Aladdin\Aladdin SQL Server\AladdinSQL.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000600
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe"
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
\??\C:\Windows\system32\conhost.exe
"C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {5DC6F83B-0E79-42B3-9D7D-1334AF3FA085}
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:1472
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {DB94400A-8E06-469B-8831-99FF6EAD013D}
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files\ASUS\Net4Switch\Net4Switch.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Extensis\Portfolio 8.5\Portfolio Express.exe" -Startup
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE" -r
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 noupdate=1
taskeng.exe {479CEF4E-23D8-4EC5-9AC1-612E52D98B2B}
"C:\Windows\system32\tracerpt.exe" "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\logfile.etl" -o "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\cputime.xml" -of XML
\??\C:\Windows\system32\conhost.exe
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
"C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=1612.061DA300.724228799 /prefetch:3
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe"
"C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=1612.061AF300.1628662132 /prefetch:3
"C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=1612.061DAD80.742226709 /prefetch:3
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=1612.075DE780.1356065547 /prefetch:3
"C:\Users\Vítek\Downloads\RSITx64 (3).exe"
"C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Vítek\AppData\Local\Google\Chrome\Application\8.0.552.224\gcswf32.dll" --lang=cs --plugin-data-dir="C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default" --channel=1612.0693B24C.1556007105 /prefetch:4
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-08-12 323072]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-07-30 617856]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-07-17 3491144]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2009-07-17 677192]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-12-15 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-12-15 390680]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-12-15 410136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Outpost User Interface"=C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe [2009-07-17 3491144]
"ICQ"=C:\Program Files (x86)\ICQ7.2\ICQ.exe [2011-01-14 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\AsScrProlog.exe [2009-12-15 72248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2009-12-15 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost User Interface]
C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe [2009-07-17 3491144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 2244096]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-19 170624]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2009-10-14 104408]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-05 281768]
"QuickTime Task"=C:\Program Files (x86)\QT Lite\QTTask.exe [2010-03-17 421888]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
Portfolio Express 8.5.lnk - C:\Program Files (x86)\Extensis\Portfolio 8.5\Portfolio Express.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-12-15 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-01-14 13:31:36 ----D---- C:\Program Files (x86)\ICQ7.2
2011-01-12 14:38:57 ----D---- C:\Program Files (x86)\WebSite X5 v8 - Evolution2
2011-01-12 11:38:16 ----D---- C:\32788R22FWJFW
2011-01-10 12:08:58 ----D---- C:\Program Files\Common Files\Adobe
2011-01-10 11:02:07 ----D---- C:\ProgramData\Celartem
2011-01-10 11:00:16 ----D---- C:\ProgramData\Extensis
2011-01-10 10:59:30 ----D---- C:\Users\Vítek\AppData\Roaming\Extensis
2011-01-10 10:59:28 ----D---- C:\Program Files (x86)\Extensis
2011-01-09 08:24:56 ----SHD---- C:\Config.Msi
2011-01-05 12:18:55 ----D---- C:\ProgramData\Protexis
2011-01-05 12:18:53 ----D---- C:\Users\Vítek\AppData\Roaming\Corel
2011-01-05 11:24:35 ----D---- C:\Program Files (x86)\Microsoft SDKs
2011-01-05 11:24:34 ----D---- C:\ProgramData\Microsoft Help
2011-01-05 11:24:34 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2011-01-05 11:23:06 ----D---- C:\ProgramData\Corel
2010-12-16 11:17:41 ----A---- C:\Windows\Uninstall_tkexe.exe
2010-12-16 11:17:35 ----D---- C:\Program Files (x86)\TKexe

======List of files/folders modified in the last 1 months======

2011-01-14 14:41:26 ----D---- C:\Program Files\trend micro
2011-01-14 14:39:39 ----D---- C:\Windows\Temp
2011-01-14 14:38:19 ----D---- C:\Windows\system32\Tasks
2011-01-14 14:37:27 ----A---- C:\Windows\system32\BootTime.ini
2011-01-14 14:11:34 ----D---- C:\Users\Vítek\AppData\Roaming\ICQ
2011-01-14 13:32:09 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-14 13:31:36 ----RD---- C:\Program Files (x86)
2011-01-14 13:12:32 ----D---- C:\Windows\System32
2011-01-14 13:12:32 ----D---- C:\Windows\inf
2011-01-14 13:12:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-14 11:25:10 ----D---- C:\Windows
2011-01-14 11:15:47 ----D---- C:\Windows\Minidump
2011-01-13 23:23:25 ----D---- C:\Windows\system32\Filt
2011-01-13 23:05:53 ----D---- C:\Windows\system32\drivers\etc
2011-01-13 23:04:23 ----D---- C:\Windows\SysWOW64
2011-01-13 16:51:09 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-01-13 16:07:56 ----D---- C:\Windows\system32\catroot2
2011-01-13 07:41:30 ----SD---- C:\ProgramData\Microsoft
2011-01-13 07:40:13 ----A---- C:\Windows\system32\Defrag.ini
2011-01-12 22:49:52 ----A---- C:\Windows\ntbtlog.txt
2011-01-12 19:44:51 ----SHD---- C:\System Volume Information
2011-01-12 16:40:41 ----D---- C:\Users\Vítek\AppData\Roaming\Adobe
2011-01-12 14:27:33 ----D---- C:\Program Files (x86)\WebSite X5 v8 - Evolution
2011-01-12 11:41:38 ----D---- C:\Windows\Prefetch
2011-01-12 11:39:05 ----D---- C:\Users\Vítek\AppData\Roaming\uTorrent
2011-01-12 09:38:36 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-01-10 13:12:53 ----D---- C:\Windows\system32\config
2011-01-10 12:10:25 ----SHD---- C:\Windows\Installer
2011-01-10 12:10:13 ----D---- C:\Windows\winsxs
2011-01-10 12:08:58 ----D---- C:\Program Files\Common Files
2011-01-10 12:08:58 ----D---- C:\Program Files\Adobe
2011-01-10 12:00:04 ----D---- C:\Users\Vítek\AppData\Roaming\FileZilla
2011-01-10 11:02:07 ----D---- C:\ProgramData
2011-01-10 10:59:33 ----D---- C:\Program Files (x86)\Bonjour
2011-01-09 12:55:03 ----D---- C:\Program Files (x86)\Common Files
2011-01-09 08:22:20 ----RSD---- C:\Windows\assembly
2011-01-06 08:31:24 ----D---- C:\Windows\Microsoft.NET
2011-01-05 19:46:36 ----D---- C:\Program Files (x86)\Opera
2011-01-05 11:26:35 ----SD---- C:\Users\Vítek\AppData\Roaming\Microsoft
2011-01-05 11:23:18 ----RSD---- C:\Windows\Fonts
2011-01-03 17:45:32 ----D---- C:\ProgramData\hps
2011-01-03 11:51:53 ----D---- C:\ProgramData\tmp
2011-01-03 10:01:08 ----D---- C:\Users\Vítek\AppData\Roaming\PrimoPDF
2010-12-24 10:21:47 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 09658592;09658592 Boot Guard Driver; C:\Windows\system32\DRIVERS\09658592.sys [2009-10-22 40464]
R0 25460162;25460162 Boot Guard Driver; C:\Windows\system32\DRIVERS\25460162.sys [2009-10-22 40464]
R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2009-12-15 35384]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2009-09-23 69152]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 25460161;25460161; C:\Windows\system32\DRIVERS\25460161.sys [2009-09-25 157712]
R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys [2009-02-18 31768]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-02 116568]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 SafDskNT;SafeHouse; \??\C:\Windows\system32\drivers\SAFDSKNT.SYS [2009-03-04 75088]
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox64.sys [2009-07-09 965832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-22 83120]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys [2009-07-13 412696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]
R3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam; C:\Windows\system32\DRIVERS\GUCI_AVS.sys [2009-06-23 693248]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-12-15 8034368]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 60851442;60851442 Boot Guard Driver; C:\Windows\system32\DRIVERS\60851442.sys []
S1 60851441;60851441; C:\Windows\system32\DRIVERS\60851441.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-12 40448]
S3 ASWFilt;ASWFilt; \??\C:\Windows\system32\Filt\ASWFilt64.dll [2009-07-09 42440]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-02-28 96296]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-02-28 134184]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-12-22 36392]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-02-28 21160]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2007-09-05 203328]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\Windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\Windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\Windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-07-17 2308936]
R2 Aladdin SQL Server;Aladdin SQL Server; C:\Program Files (x86)\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2010-09-27 136192]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-09 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-03-02 844328]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 FastBootAgent;FastBootAgent; C:\Windows\system32\FBAgent.exe [2009-08-21 356480]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R2 ScsiAccess;ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [2010-03-20 186760]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-11-17 1353544]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-23 654848]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 136120]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-15 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 14 led 2011 19:13
od Rudy
Pokud se tímto problém nevyřešil, nevím, co jiného by mohl způsobovat ten problém. Důvodně se domnívám, že si něco stahuje některá legitimní aplikace. Z PC bylo smazáno vše, co by mohlo působit problémy, po virové stránce je zcela čistý.

Zkuste fyzicky odpojit PC od sítě a sledujte, zda se disk nebude zaplňovat. Pokud ne, nainstalujte nějaký osobní firewall, který vám bude kontrolovat komunikaci PC s interenetem. Vypíše vám všechna připojení a pokud budete postupně spojení blokovat, dojdete nakonec k tomu, ktyrý problém způsobuje. Jiná možnost je vědět, kde samovolně přibývají soubory a jaké. Žádnou jinou možnost (kromě reinstalu systému) už nevidím.

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 14 led 2011 20:30
od Márty84
Dobry vecer, omlovam se Rudymu za vstup :oops:

Chci se zeptat, jak jste zkousel hledat ty nove soubory? Jen v urcitych slozkach, nebo na celem disku? Pokud jen v nekterych slozkach, zkuste jeste toto, az se vam zase bude blizit volne misto k nule

1) Kliknete nekde bokem na plochu (nekde do prazdna, ne na zadnou ikonu)
2) Zmacknete klavesu F3 (melo by na Vas vyskocit okno pro vyhledavani)
3) Otevrete moznost Rozsirene vyhledavani
4) Dejte zatrzitko na skryte a systemove sobory
5) Nastavte, at hleda na Mistni disk C
6) Misto napisu Datum, dejte Datum vytvoreni a vedle dejte Je (obrazek)
7) Kliknete na Hledat a cekejte, co najde. Pokud vam zdeli, ze nalezl prilis mnoho vysledku, nenechte se odbyt a nechte si zobrazit vsechny :)

Vyhledavani bude nejspis trvat dlouho, ale melo by se ukazat vsechno. Pripadne muzete urychlit vyhledavani tim, ze nastavite i velikost. To znamena ze bude hledat jen soubory treba vetsi, nez zadate. Pozor, je to v kB


No a pak je jeste jedna moznost. Neotvirejte Rozsirene hledani. Pouze napiste vpravo do toho pole, at hleda *.* Tim vam vyhleda uplne vsechny soubory v pc ovsem vsechna data (to pak jednoduse nechate seradit podle data). Nebo aspon teoreticky by mel :D Ale to take bude trvat hodne dlouho. Samozrejme ale nezapomente zadat, at zase hleda na celem disku.


Pokud jste to takto hledal, tak tento prispevek ignorujte :wink:

Preji hezky vikend a hlavne uspesne vyreseni :)

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 14 led 2011 20:37
od Márty84
Jeste dodatek
Takhle by vypadal ten druhy zpusob hledani :)

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 15 led 2011 01:42
od chvavi
Diky Rudy za rady, Diky i Martymu za snahu.
Podle druhého postupu jsem hned po restartu dal hledání - compl se zpomaloval.
Přikládam PRTSC.

Bez názvu.jpg
(716.15 KiB) Staženo 47 x

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 15 led 2011 09:31
od Márty84
Hezke sobotni dopoledne preji. Jeste jednou sem vlezu, prominte Rudy :oops:

V tom hledani se to radi tak, ze nahore jsou vzdycky slozky a az pak zacinaji primo soubory (na tech obrazcich je vzdy napsano ve sloupecku Typ - slozka souboru). Zkuste sem dat jeste obrazky primo nejakych souboru (jako Typ tam bude bud aplikace, nebo obrazek, dokument atd.). A mrknete u nich taky na velikost. Pokud tam nepujde primo zobrazit, muzete tady pak Rudymu napsat, ktere z nich jsou nejvetsi. Sice nevim, jestli to k necemu bude, ale za zkousku nic nedate :)

A jeste me napadlo, pokud se to bude tedy zase zaplnovat, muzete spustit vyhledavani treba chvili po startu (10 minut) a pak treba znovu za pul hodiny. Aspon tak lepe poznate, co pribylo :wink:

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 15 led 2011 11:23
od chvavi
Děkuji,
ja tomu nerozumim... kdyz zapnu PC, tak je na cecku kolem 3,5GB, a ted 14GB!... Pokusim se to vypozorovat.. Mezi tim jsem blokoval nejaka okna firewallem... mozna to bude tim..

Re: 0 bajtů na C:/ - zpomalení?

Napsal: 15 led 2011 11:39
od Rudy
chvavi píše:Mezi tim jsem blokoval nejaka okna firewallem... mozna to bude tim..
Je to možné.
Všechny časy jsou v UTC+01:00
Stránka 3 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz