Možný vír v PC

Zpráva

Narfyk · #1 Příspěvek od **Narfyk** » 27 pro 2010 15:48

Zdravím. Som tu zase. Brat nutne potreboval ísť na PC tak som ho sem na 10 minút pustil a už som len videl ako bežal preč. A po prihlásení mi ESET blokoval rôzne stránky, brat sa pokúšal niečo cracknúť.
Zopár vecí som už pomazal ale neviem či to je všetko (boli v Tempe, niečo ako Hgg.exe a Hgh.exe)
Log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-12-27 15:46:46
Microsoft Windows 7 Home Premium
System drive C: has 22 GB (44%) free of 50 GB
Total RAM: 2991 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:46:53, on 27. 12. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\system32\taskhost.exe
C:\windows\explorer.exe
D:\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jumpstyle.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [DTRun] c:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Hercules DJ Series] D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Admin\AppData\Local\Temp\Hgf.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\system32\flcdlock.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system32\uArcCapture.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

--
End of file - 12265 bytes

======Scheduled tasks folder======

C:\windows\tasks\qouy.job
C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-01-05 254520]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2009-10-23 563736]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-28 1791272]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2009-12-16 8192]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2009-12-12 11265536]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-12-03 495711]
"DTRun"=c:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2009-11-19 518656]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-25 98304]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-04-09 2029640]
"Hercules DJ Series"=D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [2009-07-09 505128]
"Creative SB Monitoring Utility"=RunDll32 sbavmon.dll,SBAVMonitor []
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-08-23 1691192]
"Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]
"JP595IR86O"=C:\Users\Admin\AppData\Local\Temp\Hgf.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\windows\system32\DeviceNP.dll [2009-11-17 75320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-12-27 15:44:54 ----A---- C:\windows\Hxevia.exe
2010-12-27 15:44:50 ----RASH---- C:\windows\system32\nlmsprepu.dll
2010-12-25 15:38:41 ----A---- C:\windows\system32\PSP VintageWarmer2.dll
2010-12-25 11:52:21 ----D---- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-23 15:50:12 ----D---- C:\Program Files\coolpro2
2010-12-23 15:45:59 ----D---- C:\Temp
2010-12-22 17:42:10 ----D---- C:\Program Files\Common Files\Native Instruments
2010-12-20 19:16:20 ----D---- C:\Program Files\Common Files\Skype
2010-12-16 14:11:18 ----A---- C:\windows\system32\iertutil.dll
2010-12-16 14:11:16 ----A---- C:\windows\system32\mstime.dll
2010-12-16 14:11:15 ----A---- C:\windows\system32\mshtml.dll
2010-12-16 14:11:14 ----A---- C:\windows\system32\ieframe.dll
2010-12-16 14:11:13 ----A---- C:\windows\system32\wininet.dll
2010-12-16 14:11:13 ----A---- C:\windows\system32\urlmon.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\mshtmled.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\msfeedssync.exe
2010-12-16 14:11:12 ----A---- C:\windows\system32\msfeedsbs.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\msfeeds.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\licmgr10.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\jsproxy.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\ieui.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\iepeers.dll
2010-12-16 14:11:12 ----A---- C:\windows\system32\iedkcs32.dll
2010-12-16 14:06:07 ----A---- C:\windows\system32\taskschd.dll
2010-12-16 14:06:07 ----A---- C:\windows\system32\schedsvc.dll
2010-12-16 14:06:06 ----A---- C:\windows\system32\wmicmiplugin.dll
2010-12-16 14:06:06 ----A---- C:\windows\system32\taskeng.exe
2010-12-16 14:06:06 ----A---- C:\windows\system32\taskcomp.dll
2010-12-16 14:06:06 ----A---- C:\windows\system32\schtasks.exe
2010-12-16 13:59:44 ----A---- C:\windows\system32\tzres.dll
2010-12-16 13:51:21 ----A---- C:\windows\system32\atmlib.dll
2010-12-16 13:51:21 ----A---- C:\windows\system32\atmfd.dll
2010-12-16 13:51:03 ----A---- C:\windows\system32\webio.dll
2010-12-16 13:50:51 ----A---- C:\windows\system32\consent.exe
2010-12-16 13:50:43 ----A---- C:\windows\system32\win32k.sys
2010-12-14 07:29:31 ----D---- C:\windows\WindowsMobile
2010-12-13 21:49:34 ----D---- C:\ProgramData\NextUp
2010-12-06 19:10:07 ----D---- C:\ProgramData\Electronic Arts
2010-12-06 19:10:07 ----D---- C:\ProgramData\EA Core
2010-12-06 19:01:40 ----A---- C:\windows\system32\XAudio2_6.dll
2010-12-06 19:01:40 ----A---- C:\windows\system32\XAPOFX1_4.dll
2010-12-06 19:01:40 ----A---- C:\windows\system32\xactengine3_6.dll
2010-12-06 19:01:40 ----A---- C:\windows\system32\X3DAudio1_7.dll
2010-12-06 19:01:39 ----A---- C:\windows\system32\xactengine3_5.dll
2010-12-06 19:01:39 ----A---- C:\windows\system32\d3dx11_42.dll
2010-12-06 19:01:39 ----A---- C:\windows\system32\d3dcsx_42.dll
2010-12-06 19:01:39 ----A---- C:\windows\system32\D3DCompiler_42.dll
2010-12-06 19:01:38 ----A---- C:\windows\system32\XAudio2_4.dll
2010-12-06 19:01:38 ----A---- C:\windows\system32\xactengine3_4.dll
2010-12-06 19:01:38 ----A---- C:\windows\system32\X3DAudio1_6.dll
2010-12-06 19:01:38 ----A---- C:\windows\system32\D3DX9_41.dll
2010-12-06 19:01:38 ----A---- C:\windows\system32\D3DCompiler_40.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\XAudio2_3.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\XAudio2_2.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\XAPOFX1_2.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\XAPOFX1_1.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\xactengine3_3.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\xactengine3_2.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\X3DAudio1_5.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\D3DX9_40.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\D3DX9_39.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\d3dx10_40.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\d3dx10_39.dll
2010-12-06 19:01:37 ----A---- C:\windows\system32\D3DCompiler_39.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\XAudio2_1.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\XAudio2_0.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\XAPOFX1_0.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\xactengine3_1.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\xactengine3_0.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\X3DAudio1_4.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\X3DAudio1_3.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\D3DX9_38.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\d3dx10_38.dll
2010-12-06 19:01:36 ----A---- C:\windows\system32\D3DCompiler_38.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\xactengine2_9.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\xactengine2_10.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\D3DX9_37.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\d3dx9_36.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\d3dx10_37.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\d3dx10_36.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\d3dx10_35.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\D3DCompiler_37.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\D3DCompiler_36.dll
2010-12-06 19:01:35 ----A---- C:\windows\system32\D3DCompiler_35.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\xinput1_3.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\xactengine2_8.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\xactengine2_7.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\X3DAudio1_2.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\d3dx9_35.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\d3dx9_34.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\d3dx10_34.dll
2010-12-06 19:01:34 ----A---- C:\windows\system32\D3DCompiler_34.dll
2010-12-06 19:01:33 ----A---- C:\windows\system32\xactengine2_6.dll
2010-12-06 19:01:33 ----A---- C:\windows\system32\xactengine2_5.dll
2010-12-06 19:01:33 ----A---- C:\windows\system32\d3dx9_33.dll
2010-12-06 19:01:33 ----A---- C:\windows\system32\d3dx10_33.dll
2010-12-06 19:01:33 ----A---- C:\windows\system32\d3dx10.dll
2010-12-06 19:01:33 ----A---- C:\windows\system32\D3DCompiler_33.dll
2010-12-06 19:01:32 ----A---- C:\windows\system32\xactengine2_4.dll
2010-12-06 19:01:32 ----A---- C:\windows\system32\x3daudio1_1.dll
2010-12-06 19:01:32 ----A---- C:\windows\system32\d3dx9_31.dll
2010-12-06 19:01:31 ----A---- C:\windows\system32\xinput1_2.dll
2010-12-06 19:01:31 ----A---- C:\windows\system32\xinput1_1.dll
2010-12-06 19:01:31 ----A---- C:\windows\system32\xactengine2_3.dll
2010-12-06 19:01:31 ----A---- C:\windows\system32\xactengine2_2.dll
2010-12-06 19:01:31 ----A---- C:\windows\system32\xactengine2_1.dll
2010-12-06 19:01:23 ----A---- C:\windows\system32\xactengine2_0.dll
2010-12-06 19:01:23 ----A---- C:\windows\system32\x3daudio1_0.dll
2010-12-06 19:01:23 ----A---- C:\windows\system32\d3dx9_30.dll
2010-12-06 19:01:23 ----A---- C:\windows\system32\d3dx9_29.dll
2010-12-06 19:01:22 ----A---- C:\windows\system32\d3dx9_28.dll
2010-12-06 19:01:21 ----A---- C:\windows\system32\d3dx9_27.dll
2010-12-06 19:01:21 ----A---- C:\windows\system32\d3dx9_26.dll
2010-12-06 19:01:20 ----A---- C:\windows\system32\d3dx9_24.dll
2010-12-06 19:00:15 ----D---- C:\ProgramData\Solidshield
2010-12-03 14:10:44 ----D---- C:\ProgramData\Creative Labs
2010-12-03 14:05:51 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2010-12-03 14:01:57 ----HD---- C:\Program Files\Creative Installation Information
2010-11-30 14:24:09 ----D---- C:\ProgramData\YAMAHA

======List of files/folders modified in the last 1 months======

2010-12-27 15:46:48 ----D---- C:\windows\Temp
2010-12-27 15:46:48 ----D---- C:\Program Files\trend micro
2010-12-27 15:45:56 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2010-12-27 15:45:00 ----D---- C:\windows\system32\Tasks
2010-12-27 15:44:59 ----D---- C:\windows\Tasks
2010-12-27 15:44:54 ----D---- C:\Windows
2010-12-27 15:44:52 ----D---- C:\windows\Prefetch
2010-12-27 15:44:50 ----D---- C:\windows\System32
2010-12-27 14:55:46 ----D---- C:\windows\inf
2010-12-27 14:55:46 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-12-27 14:54:44 ----D---- C:\Users\Admin\AppData\Roaming\ICQ
2010-12-27 14:54:38 ----D---- C:\Users\Admin\AppData\Roaming\skypePM
2010-12-27 11:34:27 ----D---- C:\windows\system32\config
2010-12-26 23:29:21 ----AD---- C:\ProgramData\TEMP
2010-12-26 22:21:02 ----D---- C:\ProgramData\HPQLOG
2010-12-26 22:20:56 ----A---- C:\windows\system32\log.txt
2010-12-26 15:27:35 ----SHD---- C:\windows\Installer
2010-12-25 21:46:39 ----D---- C:\Users\Admin\AppData\Roaming\uTorrent
2010-12-25 11:55:22 ----D---- C:\windows\Help
2010-12-25 11:55:21 ----D---- C:\windows\winsxs
2010-12-25 11:54:58 ----SHD---- C:\System Volume Information
2010-12-25 11:53:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-25 11:53:27 ----RSD---- C:\windows\assembly
2010-12-25 11:52:56 ----D---- C:\Program Files\Hewlett-Packard
2010-12-25 11:52:21 ----HD---- C:\ProgramData
2010-12-25 11:51:28 ----D---- C:\swsetup
2010-12-25 11:49:32 ----D---- C:\ProgramData\Hewlett-Packard
2010-12-23 15:50:12 ----RD---- C:\Program Files
2010-12-23 15:46:04 ----SD---- C:\ProgramData\Microsoft
2010-12-23 15:46:00 ----A---- C:\windows\win.ini
2010-12-23 15:46:00 ----A---- C:\windows\system.ini
2010-12-22 17:42:10 ----D---- C:\Program Files\Common Files
2010-12-20 19:16:20 ----RD---- C:\Program Files\Skype
2010-12-20 19:16:12 ----D---- C:\ProgramData\Skype
2010-12-17 23:26:10 ----D---- C:\windows\debug
2010-12-17 20:55:49 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-17 14:52:19 ----D---- C:\windows\rescache
2010-12-16 15:18:57 ----D---- C:\windows\system32\sk-SK
2010-12-16 15:18:57 ----D---- C:\Program Files\Windows Mail
2010-12-16 15:18:57 ----D---- C:\Program Files\Internet Explorer
2010-12-16 15:18:56 ----D---- C:\windows\system32\migration
2010-12-16 14:13:10 ----D---- C:\windows\system32\catroot
2010-12-16 14:11:43 ----A---- C:\windows\system32\MRT.exe
2010-12-16 13:52:50 ----D---- C:\windows\system32\catroot2
2010-12-15 20:08:55 ----D---- C:\Users\Admin\AppData\Roaming\Adobe
2010-12-15 20:08:55 ----D---- C:\ProgramData\Adobe
2010-12-14 14:21:26 ----D---- C:\windows\Minidump
2010-12-14 07:30:04 ----D---- C:\windows\system32\LogFiles
2010-12-14 07:29:24 ----D---- C:\windows\system32\DriverStore
2010-12-13 21:49:58 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2010-12-03 22:43:14 ----D---- C:\windows\system32\drivers
2010-12-03 16:15:20 ----D---- C:\windows\system32\NDF
2010-12-03 15:44:05 ----D---- C:\Program Files\Creative
2010-12-03 15:44:04 ----D---- C:\ProgramData\Creative

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 25656]
R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 110520]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-12-16 51800]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 13256]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-08-08 691696]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2009-05-16 214024]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2009-05-16 55336]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 40088]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2010-11-26 229208]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamon;eamon; C:\windows\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 33848]
R3 Afc;PPdus ASPI Shell; C:\windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-06-18 5586944]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-06-18 210432]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-05-06 108560]
R3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-09-17 86056]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2009-09-17 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-09-17 18472]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2009-04-09 33096]
R3 HECI;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-07-16 15872]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-12-19 1763968]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt.sys [2009-12-03 423424]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-09-28 1303728]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-06-18 5586944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 Bulk;HDJBulk; C:\windows\System32\Drivers\HDJBulk.sys [2009-07-08 126464]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HDJMidi;DJ Control MP3 e2 MIDI; C:\windows\system32\DRIVERS\HDJMidi.sys [2009-07-08 124416]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 ksaud;Creative USB Audio Driver; C:\windows\system32\drivers\ksaud.sys [2009-08-05 886912]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2009-05-16 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2009-05-16 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2009-05-16 34248]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-11-11 181792]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb Driver; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 Ipprgp;Ipprgp; C:\windows\system32\drivers\btwl2cap.sys [2009-09-17 29472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe [2009-03-03 81920]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-06-18 176128]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-09-04 595232]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 300808]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 HerculesDJControlMP3;Hercules DJ Control MP3; D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-11-15 126520]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-19 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-01-08 81920]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-05 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 26168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe [2009-12-03 229461]
R2 TeamViewer5;TeamViewer 5; D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 uArcCapture;ArcCapture; C:\windows\system32\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2010-10-14 751672]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-09-28 68096]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-04-09 20680]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\system32\flcdlock.exe [2009-11-17 362040]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1343400]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 27 pro 2010 15:58

Zdravím

Všechno to není...

Obrázek

Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe

Spusťte a klikněte na "Search For Files", po dokončení skenu klikněte na "Save List to File" -> "OK"
Log s názvem ckfiles.txt bude uložený na ploše, obsah tohoto souboru sem vložte.

Stáhněte a spusťte WVCheck.exe nebo WVCheck.zip

Stiskněte "Enter".
Program začne prohledávat PC, délka skenu závisí na množství(velikosti) souborů, ale obvykle netrvá déle, než 5 minut.
Po dokončení skenu na Vás vyskočí log, ten vložte do topicu. Log je také uložený na ploše.

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Narfyk · #3 Příspěvek od **Narfyk** » 27 pro 2010 16:10

CKScanner:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\common files\native instruments\shared content\sounds\fm8\fm7 factory\beam cracker bass.ksd
c:\program files\common files\native instruments\shared content\sounds\fm8\fm7 factory\cracklephone.ksd
c:\program files\image-line\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
scanner sequence 3.CA.11
----- EOF -----

WVCheck:
Windows Validation Check
Version: 1.9.11.4
Log Created On: 1606_27-12-2010
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2010-12-27 10:24:28
Last Success Time for Update Download: 2010-12-24 11:21:35
Last Success Time for Update Installation: 2010-12-24 11:21:54

WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------

WVCheck's File Dump
-----------------------
WVCheck found no known bad files.

WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.

WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.

WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 34b7e222e81fafa885f0c5f2cfa56861

-------- End of File, program close at 1609_27-12-2010 --------
Teraz už len OTL.

Narfyk · #4 Příspěvek od **Narfyk** » 27 pro 2010 16:14

poprosil by som návod na OTL v anglickom jazyku. Ďakujem

EDIT: UŽ NETREBA ! Našiel som to sám

Narfyk · #5 Příspěvek od **Narfyk** » 27 pro 2010 16:33

OTL.txt-1.časť:
OTL logfile created on: 12/27/2010 4:19:58 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Admin\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 21.23 Gb Free Space | 43.47% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 236.00 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive E: | 15.00 Gb Total Space | 6.52 Gb Free Space | 43.50% Space Free | Partition Type: NTFS
Drive H: | 4.32 Gb Total Space | 3.82 Gb Free Space | 88.31% Space Free | Partition Type: FAT32

Computer Name: PC4 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/27 16:07:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2010/12/11 15:09:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 15:09:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/14 17:26:04 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/08/23 10:40:42 | 001,691,192 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2010/08/23 10:40:40 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2010/07/06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/06/18 12:33:22 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/06/18 12:32:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/01/08 01:14:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
PRC - [2010/01/05 04:36:04 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/01/05 04:35:22 | 000,254,520 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2009/12/16 23:51:46 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2009/12/16 23:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2009/12/16 02:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/12/12 02:57:38 | 011,265,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2009/12/12 02:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\System32\uArcCapture.exe
PRC - [2009/12/03 21:30:42 | 000,495,711 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/12/03 21:30:42 | 000,229,461 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\stacsv.exe
PRC - [2009/11/25 03:57:20 | 000,627,976 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2009/11/25 03:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2009/11/19 00:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/23 20:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/09/04 20:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 20:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/04 20:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 17:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/07/09 10:41:16 | 000,505,128 | ---- | M] (Hercules®) -- D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
PRC - [2009/04/09 14:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/04/09 14:17:56 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/03/03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\AEstSrv.exe
PRC - [2007/11/21 12:17:02 | 000,017,408 | ---- | M] () -- D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
PRC - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (SafeList) ==========

MOD - [2010/12/27 16:07:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/08/23 10:40:40 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2010/07/29 09:32:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/18 12:32:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/01/08 01:14:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe -- (HPDayStarterService)
SRV - [2010/01/05 04:36:04 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2009/12/16 23:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009/12/16 02:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/12/14 18:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/12/12 02:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\System32\uArcCapture.exe -- (uArcCapture)
SRV - [2009/12/03 21:30:42 | 000,229,461 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\stacsv.exe -- (STacSV)
SRV - [2009/11/25 03:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/19 00:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/11/17 23:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/23 20:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/09/28 17:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/04 20:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/04/09 14:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 14:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\AEstSrv.exe -- (AESTFilters)
SRV - [2007/11/21 12:17:02 | 000,017,408 | ---- | M] () [Auto | Running] -- D:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2010/11/26 14:23:56 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/09/28 17:48:27 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/08/08 13:58:00 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/18 13:14:36 | 005,586,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/06/18 13:14:36 | 005,586,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/06/18 11:58:54 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/04 12:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/19 00:13:44 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/12/16 02:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/12/16 02:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/12/16 02:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/12/16 02:12:10 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/04 11:48:18 | 000,029,824 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV - [2009/12/03 21:30:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/11 10:11:00 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/10/21 22:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/17 21:54:50 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/09/17 21:54:42 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (Ipprgp)
DRV - [2009/09/17 21:54:42 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/09/17 21:54:40 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/09/17 21:54:36 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/09/17 21:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/08/05 10:52:28 | 000,886,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2009/08/04 12:15:36 | 000,033,736 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2009/07/16 22:16:50 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 22:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 22:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/07/08 10:42:30 | 000,124,416 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2009/07/08 10:42:26 | 000,126,464 | ---- | M] (© Guillemot R&D, 2009. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2009/06/10 22:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/05/16 02:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 02:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 02:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 02:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 02:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/09 14:21:14 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/04/09 14:21:10 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/04/09 14:21:06 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/04/09 14:18:02 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/04/09 14:10:30 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2007/01/29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/10 23:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jumpstyle.sk/
IE - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://jumpstyle.sk/"

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/02/02 05:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/12/11 15:09:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/12/11 15:09:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/07/29 12:14:14 | 000,000,000 | ---D | M]

[2010/10/27 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010/12/16 15:28:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\h3sxwii9.default\extensions

O1 HOSTS File: ([2010/09/04 16:04:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DTRun] c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Hercules DJ Series] D:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002..\Run: [JP595IR86O] C:\Users\Admin\AppData\Local\Temp\Hgf.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9a614e45-ed0a-11df-b2d4-002713c6c2b3}\Shell - "" = AutoRun
O33 - MountPoints2\{9a614e45-ed0a-11df-b2d4-002713c6c2b3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{9d4ea18d-9ed3-11df-8786-002713c6c2b3}\Shell - "" = AutoRun
O33 - MountPoints2\{9d4ea18d-9ed3-11df-8786-002713c6c2b3}\Shell\AutoRun\command - "" = L:\iStudio.exe -- File not found
O33 - MountPoints2\{c7a85734-a2ec-11df-97fd-002713c6c2b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c7a85734-a2ec-11df-97fd-002713c6c2b3}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.vorbis - C:\windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

Narfyk · #6 Příspěvek od **Narfyk** » 27 pro 2010 16:34

OTL.txt-2.časť:
========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 16:07:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010/12/27 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/12/27 16:03:02 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS
[2010/12/27 16:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/12/27 16:03:02 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NSS\0300000.067
[2010/12/27 16:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/12/27 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/27 16:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/12/27 16:02:41 | 000,497,016 | ---- | C] (Symantec Corporation) -- C:\Users\Admin\Documents\nssstub.exe
[2010/12/27 15:44:54 | 000,252,416 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\Hxevia.exe
[2010/12/25 11:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2010/12/23 15:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2
[2010/12/23 15:45:59 | 000,000,000 | ---D | C] -- C:\Temp
[2010/12/23 15:45:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\Application Data
[2010/12/22 17:42:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Native Instruments
[2010/12/22 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Native Instruments
[2010/12/22 17:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/12/20 19:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/20 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\film
[2010/12/19 20:03:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Nový priečinok
[2010/12/16 14:11:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/12/16 14:11:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/12/16 14:11:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010/12/16 14:11:12 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/12/16 14:11:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/12/16 14:11:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/12/16 14:11:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/12/16 14:11:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/12/16 14:11:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010/12/16 14:11:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/12/16 14:11:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/12/16 14:06:07 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010/12/16 14:06:06 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010/12/16 14:06:06 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010/12/16 14:06:06 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010/12/16 13:59:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/12/16 13:51:21 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/12/16 13:51:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/12/16 13:51:03 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010/12/16 13:50:51 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010/12/16 13:50:43 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/12/14 07:29:31 | 000,000,000 | ---D | C] -- C:\windows\WindowsMobile
[2010/12/13 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NextUp
[2010/12/13 21:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NextUp
[2010/12/06 19:10:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Criterion Games
[2010/12/06 19:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/12/06 19:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010/12/06 19:01:40 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll
[2010/12/06 19:01:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll
[2010/12/06 19:01:40 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll
[2010/12/06 19:01:40 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll
[2010/12/06 19:01:39 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_42.dll
[2010/12/06 19:01:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_42.dll
[2010/12/06 19:01:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_5.dll
[2010/12/06 19:01:39 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_42.dll
[2010/12/06 19:01:38 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_41.dll
[2010/12/06 19:01:38 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll
[2010/12/06 19:01:38 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll
[2010/12/06 19:01:38 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll
[2010/12/06 19:01:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll
[2010/12/06 19:01:37 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll
[2010/12/06 19:01:37 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll
[2010/12/06 19:01:37 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll
[2010/12/06 19:01:37 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll
[2010/12/06 19:01:37 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll
[2010/12/06 19:01:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll
[2010/12/06 19:01:37 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_40.dll
[2010/12/06 19:01:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll
[2010/12/06 19:01:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll
[2010/12/06 19:01:37 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll
[2010/12/06 19:01:37 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll
[2010/12/06 19:01:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll
[2010/12/06 19:01:36 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll
[2010/12/06 19:01:36 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll
[2010/12/06 19:01:36 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll
[2010/12/06 19:01:36 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_0.dll
[2010/12/06 19:01:36 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll
[2010/12/06 19:01:36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll
[2010/12/06 19:01:36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_0.dll
[2010/12/06 19:01:36 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll
[2010/12/06 19:01:36 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll
[2010/12/06 19:01:36 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_3.dll
[2010/12/06 19:01:35 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_37.dll
[2010/12/06 19:01:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_36.dll
[2010/12/06 19:01:35 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_37.dll
[2010/12/06 19:01:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_36.dll
[2010/12/06 19:01:35 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_35.dll
[2010/12/06 19:01:35 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_37.dll
[2010/12/06 19:01:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_36.dll
[2010/12/06 19:01:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_35.dll
[2010/12/06 19:01:35 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_10.dll
[2010/12/06 19:01:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_9.dll
[2010/12/06 19:01:34 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_35.dll
[2010/12/06 19:01:34 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_34.dll
[2010/12/06 19:01:34 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_34.dll
[2010/12/06 19:01:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_34.dll
[2010/12/06 19:01:34 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_8.dll
[2010/12/06 19:01:34 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_7.dll
[2010/12/06 19:01:34 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_3.dll
[2010/12/06 19:01:34 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_2.dll
[2010/12/06 19:01:33 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_33.dll
[2010/12/06 19:01:33 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_33.dll
[2010/12/06 19:01:33 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_33.dll
[2010/12/06 19:01:33 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10.dll
[2010/12/06 19:01:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_6.dll
[2010/12/06 19:01:33 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_5.dll
[2010/12/06 19:01:32 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_31.dll
[2010/12/06 19:01:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_4.dll
[2010/12/06 19:01:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_1.dll
[2010/12/06 19:01:31 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_3.dll
[2010/12/06 19:01:31 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_2.dll
[2010/12/06 19:01:31 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_1.dll
[2010/12/06 19:01:31 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_2.dll
[2010/12/06 19:01:31 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_1.dll
[2010/12/06 19:01:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_30.dll
[2010/12/06 19:01:23 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_29.dll
[2010/12/06 19:01:23 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_0.dll
[2010/12/06 19:01:23 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_0.dll
[2010/12/06 19:01:22 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_28.dll
[2010/12/06 19:01:21 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_27.dll
[2010/12/06 19:01:21 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_26.dll
[2010/12/06 19:01:20 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_24.dll
[2010/12/06 19:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010/12/03 14:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/12/03 14:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2010/12/03 14:01:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
[2010/11/30 14:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YAMAHA
[2010/11/27 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2010/04/20 03:03:35 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/04/20 03:03:34 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/27 16:07:57 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2010/12/27 16:05:16 | 003,514,235 | ---- | M] () -- C:\Users\Admin\Documents\WVCheck.exe
[2010/12/27 16:03:29 | 000,453,632 | ---- | M] () -- C:\Users\Admin\Documents\CKScanner.exe
[2010/12/27 16:03:07 | 000,000,478 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Admin.job
[2010/12/27 15:45:02 | 000,000,286 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/12/27 15:44:59 | 000,000,246 | -H-- | M] () -- C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/12/27 15:44:51 | 000,000,310 | RHS- | M] () -- C:\windows\tasks\qouy.job
[2010/12/27 15:44:50 | 000,252,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\Hxevia.exe
[2010/12/27 15:44:50 | 000,108,032 | RHS- | M] () -- C:\windows\System32\nlmsprepu.dll
[2010/12/27 14:55:46 | 000,607,864 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/12/27 14:55:46 | 000,104,242 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/12/27 14:53:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/12/26 22:28:02 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 22:28:02 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 22:20:46 | 2352,553,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/25 15:38:41 | 006,475,776 | ---- | M] () -- C:\windows\System32\PSP VintageWarmer2.dll
[2010/12/25 11:53:25 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/12/24 22:08:13 | 000,000,672 | ---- | M] () -- C:\Users\Admin\Desktop\Counter Strike.lnk
[2010/12/23 22:40:29 | 000,104,240 | ---- | M] () -- C:\Users\Admin\Documents\Welcome_to_TextAloud.wav
[2010/12/23 15:52:10 | 000,000,686 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/12/23 13:11:20 | 000,006,656 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 23:51:42 | 000,042,816 | ---- | M] () -- C:\Users\Admin\Documents\op.veg
[2010/12/22 20:13:04 | 000,042,560 | ---- | M] () -- C:\Users\Admin\Documents\op.veg.bak
[2010/12/20 17:58:49 | 000,010,816 | ---- | M] () -- C:\Users\Admin\Documents\Untitled.veg
[2010/12/20 16:44:30 | 000,013,408 | ---- | M] () -- C:\Users\Admin\Documents\wake_up.veg
[2010/12/16 15:19:34 | 000,411,096 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/12/15 19:22:20 | 000,051,056 | ---- | M] () -- C:\Users\Admin\REZ.ttf
[2010/12/14 21:10:52 | 000,028,552 | ---- | M] () -- C:\Users\Admin\Documents\kuďo.veg
[2010/12/14 20:41:41 | 000,023,776 | ---- | M] () -- C:\Users\Admin\Documents\kuďo.veg.bak
[2010/12/13 21:23:06 | 000,001,087 | ---- | M] () -- C:\Users\Admin\Desktop\TextAloud.lnk
[2010/12/06 22:50:18 | 000,068,272 | ---- | M] () -- C:\Users\Admin\Documents\opek.veg
[2010/12/06 21:58:37 | 000,015,504 | ---- | M] () -- C:\Users\Admin\Documents\wake_up.veg.bak
[2010/12/05 23:36:22 | 000,067,192 | ---- | M] () -- C:\Users\Admin\Documents\opek.veg.bak
[2010/12/03 14:06:09 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2010/11/30 14:23:55 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\Musicsoft Downloader.lnk
[2010/11/27 22:20:45 | 000,002,444 | ---- | M] () -- C:\Users\Admin\Documents\Register Vegas Pro.htm
[2010/11/27 22:11:29 | 000,001,541 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 8.0.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/27 16:05:03 | 003,514,235 | ---- | C] () -- C:\Users\Admin\Documents\WVCheck.exe
[2010/12/27 16:03:27 | 000,453,632 | ---- | C] () -- C:\Users\Admin\Documents\CKScanner.exe
[2010/12/27 16:03:07 | 000,000,478 | -H-- | C] () -- C:\windows\tasks\Norton Security Scan for Admin.job
[2010/12/27 16:03:02 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NSS\0300000.067\isolate.ini
[2010/12/27 15:44:59 | 000,000,286 | -H-- | C] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/12/27 15:44:51 | 000,000,246 | -H-- | C] () -- C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/12/27 15:44:50 | 000,108,032 | RHS- | C] () -- C:\windows\System32\nlmsprepu.dll
[2010/12/27 15:44:50 | 000,000,310 | RHS- | C] () -- C:\windows\tasks\qouy.job
[2010/12/25 15:38:41 | 006,475,776 | ---- | C] () -- C:\windows\System32\PSP VintageWarmer2.dll
[2010/12/25 11:53:25 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/12/24 22:08:13 | 000,000,672 | ---- | C] () -- C:\Users\Admin\Desktop\Counter Strike.lnk
[2010/12/23 22:40:27 | 000,104,240 | ---- | C] () -- C:\Users\Admin\Documents\Welcome_to_TextAloud.wav
[2010/12/23 15:45:47 | 000,000,686 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/12/17 14:22:13 | 000,042,816 | ---- | C] () -- C:\Users\Admin\Documents\op.veg
[2010/12/17 14:22:13 | 000,042,560 | ---- | C] () -- C:\Users\Admin\Documents\op.veg.bak
[2010/12/15 19:22:19 | 000,051,056 | ---- | C] () -- C:\Users\Admin\REZ.ttf
[2010/12/14 16:39:16 | 000,028,552 | ---- | C] () -- C:\Users\Admin\Documents\kuďo.veg
[2010/12/14 16:39:16 | 000,023,776 | ---- | C] () -- C:\Users\Admin\Documents\kuďo.veg.bak
[2010/12/13 21:23:06 | 000,001,087 | ---- | C] () -- C:\Users\Admin\Desktop\TextAloud.lnk
[2010/12/05 23:36:22 | 000,068,272 | ---- | C] () -- C:\Users\Admin\Documents\opek.veg
[2010/12/05 23:36:22 | 000,067,192 | ---- | C] () -- C:\Users\Admin\Documents\opek.veg.bak
[2010/11/30 14:23:55 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\Musicsoft Downloader.lnk
[2010/11/27 22:37:45 | 000,015,504 | ---- | C] () -- C:\Users\Admin\Documents\wake_up.veg.bak
[2010/11/27 22:37:45 | 000,013,408 | ---- | C] () -- C:\Users\Admin\Documents\wake_up.veg
[2010/11/27 22:12:16 | 000,002,444 | ---- | C] () -- C:\Users\Admin\Documents\Register Vegas Pro.htm
[2010/11/27 22:11:29 | 000,001,541 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 8.0.lnk
[2010/10/08 15:37:58 | 000,006,656 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 06:53:31 | 000,146,432 | ---- | C] () -- C:\windows\System32\APOMngr.DLL
[2010/09/12 06:53:31 | 000,072,704 | ---- | C] () -- C:\windows\System32\CmdRtr.DLL
[2010/09/11 17:54:30 | 000,033,120 | R--- | C] () -- C:\windows\System32\kschimp.ini
[2010/09/11 17:54:30 | 000,000,029 | R--- | C] () -- C:\windows\System32\ctzapxx.ini
[2010/09/11 17:54:16 | 000,029,518 | ---- | C] () -- C:\windows\System32\ksaud.ini
[2010/09/11 17:54:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB1090.ini
[2010/09/11 17:54:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB0910.ini
[2010/09/11 17:54:16 | 000,001,302 | ---- | C] () -- C:\ProgramData\CfSB0300.ini
[2010/09/11 17:54:16 | 000,001,282 | ---- | C] () -- C:\ProgramData\CfSB0471.ini
[2010/09/11 17:54:16 | 000,001,208 | ---- | C] () -- C:\ProgramData\CfSB0490.ini
[2010/09/11 17:54:16 | 000,001,027 | ---- | C] () -- C:\ProgramData\CfSB0560.ini
[2010/09/11 17:54:16 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0271.ini
[2010/09/11 17:54:16 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0270.ini
[2010/08/08 14:13:49 | 001,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
[2010/08/08 13:58:00 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010/07/29 13:13:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/28 14:39:15 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/20 03:03:35 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/04/20 03:03:35 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/04/20 03:03:34 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/02/02 06:04:09 | 000,000,188 | ---- | C] () -- C:\windows\System32\HPWA.ini
[2010/02/02 05:43:43 | 000,000,155 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2009/12/16 02:12:10 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/12/14 22:26:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/12/11 20:20:30 | 000,648,464 | ---- | C] () -- C:\windows\System32\SUPSDK.dll
[2009/12/11 20:20:18 | 000,050,448 | ---- | C] () -- C:\windows\System32\ExpSnapShotAPI.dll
[2009/12/03 08:27:28 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/11/25 03:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2009/11/25 03:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2009/11/25 03:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2009/11/24 22:55:38 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2009/11/24 22:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2009/11/24 22:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2009/11/17 23:39:36 | 000,329,272 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
[2009/09/30 00:25:16 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/07 12:27:20 | 000,073,728 | ---- | C] () -- C:\windows\System32\vbzlib1.dll
[2006/12/08 13:58:14 | 000,069,632 | ---- | C] () -- C:\windows\System32\FxShared.dll
[2006/12/08 02:52:50 | 000,069,632 | ---- | C] () -- C:\windows\System32\com.fxpansion.fxshared.dll

========== LOP Check ==========

[2010/09/19 14:28:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Applied Acoustics Systems
[2010/08/08 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2010/07/28 12:26:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DigitalPersona
[2010/07/29 12:16:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ESET
[2010/12/27 15:53:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010/09/18 19:42:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iZotope
[2010/09/24 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Publish Providers
[2010/07/29 09:01:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SampleView
[2010/11/26 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2010/11/24 18:14:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SynthMaker
[2010/08/08 12:52:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2010/08/06 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thinstall
[2010/12/25 21:46:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/08/08 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VDownloader
[2010/11/03 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zoner
[2010/12/27 15:44:51 | 000,000,310 | RHS- | M] () -- C:\Windows\Tasks\qouy.job
[2010/11/27 13:09:05 | 000,032,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/27 15:45:02 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/12/27 15:44:59 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2009/06/17 21:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company)
"msnmsgr" = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -- [2010/09/23 00:47:30 | 004,240,760 | ---- | M] (Microsoft Corporation)
"JP595IR86O" = C:\Users\Admin\AppData\Local\Temp\Hgf.exe -- File not found

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/12/15 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010/09/19 14:28:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Applied Acoustics Systems
[2010/07/29 09:12:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ArcSoft
[2010/07/28 12:36:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ATI
[2010/07/28 14:39:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Corel
[2010/07/28 14:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CorelHomeOffice
[2010/09/12 06:51:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Creative
[2010/08/08 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2010/07/28 12:26:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DigitalPersona
[2010/07/29 12:16:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ESET
[2010/09/28 17:49:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hewlett-Packard
[2010/08/06 15:10:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\hpqLog
[2010/12/27 15:53:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2010/07/28 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2010/09/05 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2010/09/18 19:42:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iZotope
[2010/07/28 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2010/12/13 21:49:58 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2010/10/27 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/09/24 21:04:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Publish Providers
[2010/07/29 09:01:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SampleView
[2010/12/27 15:45:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2010/12/27 16:04:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2010/11/26 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2010/11/24 18:14:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SynthMaker
[2010/08/08 12:52:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2010/08/06 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thinstall
[2010/12/25 21:46:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/08/08 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VDownloader
[2010/08/05 08:12:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2010/11/03 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010/09/15 13:27:29 | 000,004,286 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\ARPPRODUCTICON.exe
[2010/11/12 16:15:51 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010/08/06 13:15:08 | 000,007,168 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Thinstall\VDownloader 1.12\40000027500002i\VDownloader.exe
[2010/08/06 13:16:04 | 000,007,168 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Thinstall\VDownloader 1.12\40000080b00003i\ffmpeg.exe
[2010/11/03 19:59:35 | 006,995,288 | ---- | M] (ZONER software ) -- C:\Users\Admin\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.us\ZPS12_Update_Build10.exe

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\System32\autochk.exe
[2009/10/01 08:17:00 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=2632B7125E0730E019532CFCFFFFBFC0 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.20538_none_e28cf2983c0715a1\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/02/02 06:05:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/02 06:05:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys
[2009/08/07 13:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/06/14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/12/27 15:44:50 | 000,108,032 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\nlmsprepu.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/12/27 15:44:51 | 000,000,310 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\qouy.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/12/16 02:12:10 | 000,110,520 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SafeBoot.sys
[2010/08/08 13:58:00 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/12/27 15:44:50 | 000,108,032 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\nlmsprepu.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010/12/26 22:28:02 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 22:28:02 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/25 11:45:36 | 000,002,302 | ---- | M] () -- C:\Windows\System32\DOErrors.log
[2010/12/26 22:20:57 | 000,000,018 | ---- | M] () -- C:\Windows\System32\log.txt
[2010/12/27 15:44:50 | 000,108,032 | RHS- | M] () -- C:\Windows\System32\nlmsprepu.dll
[2010/12/27 14:55:46 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/27 14:55:46 | 000,607,864 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 14:55:46 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/12/25 15:38:41 | 006,475,776 | ---- | M] () -- C:\Windows\System32\PSP VintageWarmer2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

Narfyk · #7 Příspěvek od **Narfyk** » 27 pro 2010 16:34

Extras.txt:
OTL Extras logfile created on: 12/27/2010 4:19:58 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Admin\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 21.23 Gb Free Space | 43.47% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 236.00 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive E: | 15.00 Gb Total Space | 6.52 Gb Free Space | 43.50% Space Free | Partition Type: NTFS
Drive H: | 4.32 Gb Total Space | 3.82 Gb Free Space | 88.31% Space Free | Partition Type: FAT32

Computer Name: PC4 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3863125621-3407463611-2706026323-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{036271C7-EF63-5C56-249B-3859BB8D6F63}" = ccc-core-static
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{0497B553-0E3F-4CCD-BE13-E28F1A54B318}" = HP HotKey Support
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0AEA5A8C-792C-47F6-A304-3E30356DCE73}" = MP460 Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{12D191BB-4A42-3DE2-3C5D-10324A05E671}" = Catalyst Control Center Localization All
"{142D2DFA-1FB7-41B9-8509-DAB5F3978CE4}" = Privacy Manager for HP ProtectTools
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C292266-E054-4090-84D5-869649E4F9C7}" = HP Power Data
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24715628-D739-3680-9249-6C82541895A7}" = CCC Help German
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2633DCDB-3444-5C3D-56D4-69B33C8FCEC7}" = CCC Help Spanish
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2712DAD6-C1F7-4295-B06E-17D6DC62EC20}" = HP Software Framework
"{271A659B-A7D3-405E-AE31-3086133BE0B7}" = Yamaha USB-MIDI Driver
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{340BBF3F-6C34-233C-40F4-8E563C26CC38}" = Catalyst Control Center Graphics Previews Vista
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3BDB9B89-56B5-4953-B052-AEB75FCBFC93}" = HP User Guides 0189
"{3E30BD4B-E7B9-1856-AE74-778E4A72CC4E}" = CCC Help Chinese Standard
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F5D3C08-92A2-B1B3-AC66-34577C5E31D2}" = CCC Help Japanese
"{4F765E00-EE1C-4392-93B4-54310358F41A}" = ArcSoft TotalMedia
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{52BDE10F-8BC2-A0DE-0799-2A791D101586}" = ccc-utility
"{53B364FC-8E1E-6C80-ADEA-89E337E1F9A1}" = CCC Help Thai
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5DCBD841-3768-4D3A-8517-65BFB87E05D3}" = Validity Fingerprint Driver
"{5E7F387C-4D9E-A3E8-D6D8-60FC12F38AD0}" = Catalyst Control Center InstallProxy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{663D5B53-B376-5117-AC9F-0B54D9964209}" = CCC Help Chinese Traditional
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{670234D0-42BE-493E-B3EB-6B5275530461}" = Corel Home Office
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7861911B-4270-498A-8F7A-FCF0570F485D}" = HP QuickWeb
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7D3D566C-611F-D5BA-FEEF-29DEBFA638A4}" = ATI Catalyst Install Manager
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1" = V-Station 1.5.1
"{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0590BF-9036-47D5-BBE7-50590649760C}" = HP ProtectTools Security Manager
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8B49BD5E-C896-4F65-95DC-3F84424226E8}" = HP QuickLook
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum zariadení Windows Mobile
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9790DA57-EFF6-D239-33C2-7042E290D4A2}" = CCC Help Danish
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99112027-9DD3-4172-7F80-1A18B28C28A5}" = CCC Help Russian
"{99BBDB78-814B-6E87-ADED-BEC0827D9B5B}" = CCC Help Greek
"{9A09BCEB-1ED8-A2EC-1E38-1F3D2908A5A8}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3
"{9C780DBC-F527-FC46-7719-C4B163F75A37}" = Catalyst Control Center InstallProxy
"{9E82E333-C2CE-B816-CF6E-788E0316C0B9}" = CCC Help English
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A03CB97C-518C-6B97-C23B-2343498AE1B8}" = CCC Help Norwegian
"{A27DBE07-DDC0-1E95-55EF-96F1E6E1950C}" = CCC Help Dutch
"{A4FE1151-A0C7-AA94-EE83-3BFF31DC9FF9}" = CCC Help Czech
"{A8506BB4-8F79-801F-5786-3F9879D342A9}" = CCC Help French
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ACC79395-0CED-1793-1D73-EC659969B0BA}" = CCC Help Hungarian
"{ADA171E1-0C13-44D0-BCFA-4275622E0368}" = HP Power Assistant
"{AE1EBD4A-9162-497A-8E1E-21C9A52F81B6}" = ESET Smart Security
"{B24625C5-5AC4-39F0-AFA2-D2403E9E208C}" = CCC Help Polish
"{B30C3A9E-0BEB-2310-DDDF-B611FE80370D}" = CCC Help Turkish
"{C0304364-38C1-AA52-1934-E1C3440FB6EE}" = CCC Help Finnish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB65A1C3-533D-4EA6-82B5-FBA926F19079}" = Face Recognition for HP ProtectTools
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE4AD59F-3501-A263-06A5-0D569692EE49}" = CCC Help Korean
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45790AD-7161-812B-8D4F-ABC551B737DA}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2CB1A97-8DAF-7DCE-B633-9DE523339516}" = CCC Help Portuguese
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"ASIO4ALL" = ASIO4ALL
"aTube Catcher" = aTube Catcher
"Audjoo Helix_is1" = Audjoo Helix 1.0
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"CL 1B for TDM" = CL 1B for TDM
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Drive Encryption" = Drive Encryption for HP ProtectTools
"Drumaxx" = Drumaxx
"FL Studio 9" = FL Studio 9
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Fraps" = Fraps (remove only)
"Hardcore" = Hardcore
"HPProtectTools" = HP ProtectTools Security Manager
"IL Download Manager" = IL Download Manager
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{CB65A1C3-533D-4EA6-82B5-FBA926F19079}" = Face Recognition for HP ProtectTools
"iZotope Ozone 4_is1" = iZotope Ozone 4
"JDownloader" = JDownloader
"Junglist VST Instrument" = Junglist VST Instrument
"Loko_Software 1.00" = Loko_Software 1.00
"MagJ" = Magic Journey (odstranenie)
"Malaya Ragnarok Online" = Malaya Ragnarok Online
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53
"Native Instruments FM8" = Native Instruments FM8
"NSS" = Norton Security Scan
"Ohmicide VST" = Ohm Force - Ohmicide VST
"PDF Complete" = PDF Complete Special Edition
"PoiZone" = PoiZone
"Predator_is1" = Rob Papen Predator V1.1.0
"PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"Sakura" = Sakura
"Sawer" = Sawer
"Sonic Charge µTonic VSTi v2.0" = Sonic Charge µTonic VSTi v2.0
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sylenth1_is1" = Sylenth1 v2.20
"SynapseHydra_is1" = Hydra VSTi/DXi v1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TextAloud MP3_is1" = TextAloud
"Tone2 BiFilter2_is1" = BiFilter v2.2
"Tone2 FilterBank3_is1" = FilterBank v3.2
"Tone2 FireBird+_is1" = FireBird+ v1.9
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"Tone2 Warmverb multi-FX full_is1" = Tone2 Warmverb multi-FX full
"Toxic Biohazard" = Toxic Biohazard
"Ultra Analog VA-1" = Ultra Analog VA-1 v1.1.4
"uTorrent" = µTorrent
"Viral Outbreak v1.00 Demo_is1" = Viral Outbreak v1.00 VSTi Demo
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archivátor
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
"ZonerPhotoStudio12_EN_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3863125621-3407463611-2706026323-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2010 2:13:18 AM | Computer Name = PC4 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/7/2010 8:34:33 AM | Computer Name = PC4 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/7/2010 8:34:34 AM | Computer Name = PC4 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/7/2010 8:51:59 AM | Computer Name = PC4 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Arcsoft\TotalMedia
Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest".Error in manifest or policy
file "c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest"
on line 3. The value "1, 2, 0, 17" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 12/7/2010 10:36:50 AM | Computer Name = PC4 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/7/2010 10:36:50 AM | Computer Name = PC4 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/7/2010 1:45:11 PM | Computer Name = PC4 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12/8/2010 8:42:02 AM | Computer Name = PC4 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12/8/2010 2:30:26 PM | Computer Name = PC4 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 12/8/2010 2:30:26 PM | Computer Name = PC4 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ Hewlett-Packard Events ]
Error - 8/5/2010 5:22:12 PM | Computer Name = PC4 | Source = Hewlett-Packard | ID = 0
Description = sk-SK Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/5/2010 5:22:12 PM | Computer Name = PC4 | Source = Hewlett-Packard | ID = 0
Description = sk-SK Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/14/2010 3:18:33 AM | Computer Name = PC4 | Source = Hewlett-Packard | ID = 0
Description = sk-SK String was not recognized as a valid DateTime. mscorlib at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) at HPAssistant.Pages.MaintainHistory.removeFailedRows()

at HPAssistant.Pages.MaintainHistory.loadActions() at HPAssistant.Pages.MaintainHistory.Page_Loaded(Object
sender, RoutedEventArgs e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 10/9/2010 3:40:36 AM | Computer Name = PC4 | Source = Hewlett-Packard | ID = 0
Description = sk-SK Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 10/23/2010 3:48:16 AM | Computer Name = PC4 | Source = Hewlett-Packard | ID = 0
Description = sk-SK Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 11/26/2010 8:57:38 AM | Computer Name = PC4 | Source = Hewlett-Packard | ID = 0
Description = sk-SK String was not recognized as a valid DateTime. mscorlib at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) at HPAssistant.Pages.MaintainHistory.removeFailedRows()

at HPAssistant.Pages.MaintainHistory.loadActions() at HPAssistant.Pages.MaintainHistory.Page_Loaded(Object
sender, RoutedEventArgs e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

[ HP Power Assistant Events ]
Error - 12/24/2010 7:59:34 AM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = HistoricalDataFile.HDFileSignatureException The file CalibrationDataTable.his
does not contain a correct signature. at HistoricalDataFile.HDFileManager.CheckForFile()

at HistoricalDataFile.HDFileManager.EnsureFileExists() at HistoricalDataFile.HistoricalDataAccess.LateCreateCalibrationTable()

at HistoricalDataFile.HistoricalDataAccess.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalDataWriter.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalFileManager.ClearCalibrationData(Boolean deleteFile)

Error - 12/25/2010 6:36:38 AM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = HistoricalDataFile.HDFileSignatureException The file CalibrationDataTable.his
does not contain a correct signature. at HistoricalDataFile.HDFileManager.CheckForFile()

at HistoricalDataFile.HDFileManager.EnsureFileExists() at HistoricalDataFile.HistoricalDataAccess.LateCreateCalibrationTable()

at HistoricalDataFile.HistoricalDataAccess.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalDataWriter.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalFileManager.ClearCalibrationData(Boolean deleteFile)

Error - 12/25/2010 7:12:21 AM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = System.IO.IOException The process cannot access the file 'C:\ProgramData\Hewlett-Packard\HP
Power Assistant\Historical Data\DeviceTable.his' because it is being used by another
process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at HistoricalDataFile.HDFileManager.OpenForAppend()

at HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices)

at HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration
currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage,
Int32 sxSampleCount, Int64 sampleRate) at HPPA_Service.HistoricalFileManager.PrepareLog()

Error - 12/25/2010 7:12:21 AM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = System.IO.IOException The process cannot access the file 'C:\ProgramData\Hewlett-Packard\HP
Power Assistant\Historical Data\DeviceTable.his' because it is being used by another
process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at HistoricalDataFile.HDFileManager.OpenForAppend()

at HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices)

at HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration
currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage,
Int32 sxSampleCount, Int64 sampleRate) at HPPA_Service.HistoricalFileManager.PrepareLog()

at HPPA_Service.HistoricalFileManager.OnPanelPowerChange(UInt32 milliwatts)
at HPPA_Service.HPPA_Service.UpdatePanelBrightness()

Error - 12/25/2010 7:12:21 AM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = HistoricalDataFile.HDFileSignatureException The file CalibrationDataTable.his
does not contain a correct signature. at HistoricalDataFile.HDFileManager.CheckForFile()

at HistoricalDataFile.HDFileManager.EnsureFileExists() at HistoricalDataFile.HistoricalDataAccess.LateCreateCalibrationTable()

at HistoricalDataFile.HistoricalDataAccess.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalDataWriter.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalFileManager.ClearCalibrationData(Boolean deleteFile)

Error - 12/25/2010 9:19:48 AM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = System.InvalidOperationException There is an error in the XML document.

at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String
encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData) at
HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/25/2010 9:19:48 AM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = System.FormatException The string '2025-25-25T25:25:25' is not a valid
AllXsd value. at System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags
kinds) at System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode
dateTimeOption) at System.Xml.Serialization.XmlCustomFormatter.ToDateTime(String
value) at System.Xml.Serialization.XmlSerializationReader.ToDateTime(String value)

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read79_GetPMCDataOutputOutputData(Boolean
isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read80_GetPMCDataOutputOutput(Boolean
isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read81_GetPMCDataOutput(Boolean
isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read210_GetPMCDataOutput()

Error - 12/26/2010 3:46:48 PM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = HistoricalDataFile.HDFileSignatureException The file CalibrationDataTable.his
does not contain a correct signature. at HistoricalDataFile.HDFileManager.CheckForFile()

at HistoricalDataFile.HDFileManager.EnsureFileExists() at HistoricalDataFile.HistoricalDataAccess.LateCreateCalibrationTable()

at HistoricalDataFile.HistoricalDataAccess.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalDataWriter.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalFileManager.ClearCalibrationData(Boolean deleteFile)

Error - 12/26/2010 4:22:28 PM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = HistoricalDataFile.HDFileSignatureException The file CalibrationDataTable.his
does not contain a correct signature. at HistoricalDataFile.HDFileManager.CheckForFile()

at HistoricalDataFile.HDFileManager.EnsureFileExists() at HistoricalDataFile.HistoricalDataAccess.LateCreateCalibrationTable()

at HistoricalDataFile.HistoricalDataAccess.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalDataWriter.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalFileManager.ClearCalibrationData(Boolean deleteFile)

Error - 12/26/2010 5:23:05 PM | Computer Name = PC4 | Source = HP PA Service | ID = 0
Description = HistoricalDataFile.HDFileSignatureException The file CalibrationDataTable.his
does not contain a correct signature. at HistoricalDataFile.HDFileManager.CheckForFile()

at HistoricalDataFile.HDFileManager.EnsureFileExists() at HistoricalDataFile.HistoricalDataAccess.LateCreateCalibrationTable()

at HistoricalDataFile.HistoricalDataAccess.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalDataWriter.ClearCalibrationData(Boolean deleteFile)

at HPPA_Service.HistoricalFileManager.ClearCalibrationData(Boolean deleteFile)

[ HP Wireless Assistant Events ]
Error - 12/25/2010 11:34:06 AM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/25/2010 4:48:08 PM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/25/2010 4:48:08 PM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/25/2010 6:52:57 PM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/25/2010 6:52:57 PM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/26/2010 11:55:17 AM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/26/2010 11:55:17 AM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/27/2010 7:11:26 AM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/27/2010 7:11:26 AM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 12/27/2010 11:21:38 AM | Computer Name = PC4 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

[ System Events ]
Error - 12/26/2010 9:42:28 AM | Computer Name = PC4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 12/26/2010 12:54:10 PM | Computer Name = PC4 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385EAC0D1" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/26/2010 12:54:10 PM | Computer Name = PC4 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385EAC0D1" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/26/2010 3:40:07 PM | Computer Name = PC4 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385EAC0D1" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/26/2010 3:40:07 PM | Computer Name = PC4 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385EAC0D1" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/26/2010 3:44:36 PM | Computer Name = PC4 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:42:47 on ?26. ?12. ?2010 was unexpected.

Error - 12/26/2010 4:20:19 PM | Computer Name = PC4 | Source = Microsoft-Windows-Eventlog | ID = 106
Description = Corruption was detected in the log for the Application channel and
some data was erased.

Error - 12/27/2010 6:13:55 AM | Computer Name = PC4 | Source = Service Control Manager | ID = 7011
Description = Počas čakania na odpoveď transakcie od služby HP Wireless Assistant
Service bol dosiahnutý časový limit (30000 ms).

Error - 12/27/2010 6:14:02 AM | Computer Name = PC4 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385EAC0D1" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/27/2010 6:14:02 AM | Computer Name = PC4 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "D8D385EAC0D1" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

< End of report >

Narfyk · #8 Příspěvek od **Narfyk** » 27 pro 2010 17:09

V procesoch bol spustená aplikácia Hxevia.exe. Bola v C:\WINDOWS
Otestoval som ju na VirusTotal.com a tu je výsledok:
http://www.virustotal.com/file-scan/rep ... 1293466115
Takže som ju hneď zmazal. Mala aj falošný "podpis" (?) že je od Microsoftu.
Snáď som neurobil zle

.
Ako to vyzerá s Logmi ?

#9 Příspěvek od **Caroprd111** » 27 pro 2010 17:19

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

IE - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002..\Run: [JP595IR86O] C:\Users\Admin\AppData\Local\Temp\Hgf.exe File not found
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Reg Error: Key error.)
[2010/12/27 15:44:54 | 000,252,416 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\Hxevia.exe
[2010/12/27 15:45:02 | 000,000,286 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/12/27 15:44:59 | 000,000,246 | -H-- | M] () -- C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/12/27 15:44:51 | 000,000,310 | RHS- | M] () -- C:\windows\tasks\qouy.job
[2010/12/27 15:44:50 | 000,252,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\Hxevia.exe
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

Klikněte na Opravit, PC se restartuje, log vložte sem.

Obrázek

Otestujte na virustotalu:

C:\Windows\System32\nlmsprepu.dll
C:\Windows\System32\drivers\SafeBoot.sys

Narfyk · #10 Příspěvek od **Narfyk** » 27 pro 2010 17:41

OTL:
Error: Unable to interpret <IE - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3863125621-3407463611-2706026323-1002..\Run: [JP595IR86O] C:\Users\Admin\AppData\Local\Temp\Hgf.exe File not found> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)> in the current context!
Error: Unable to interpret <O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <[2010/12/27 15:44:54 | 000,252,416 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\Hxevia.exe> in the current context!
Error: Unable to interpret <[2010/12/27 15:45:02 | 000,000,286 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job> in the current context!
Error: Unable to interpret <[2010/12/27 15:44:59 | 000,000,246 | -H-- | M] () -- C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job> in the current context!
Error: Unable to interpret <[2010/12/27 15:44:51 | 000,000,310 | RHS- | M] () -- C:\windows\tasks\qouy.job> in the current context!
Error: Unable to interpret <[2010/12/27 15:44:50 | 000,252,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\Hxevia.exe> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86> in the current context!

OTL by OldTimer - Version 3.2.18.0 log created on 12272010_173651

VirusTotal.com:
ten DLL mi nechce zobrať (viz. Obrázok)
a ten .sys mi nájde, kliknem na Send File a potom sa mi ajtak otvorí hlavná stránka VT. na Jotti Scanner mi píše Stav:
Súbor má nulovú veľkosť (0 bytov)!

Ďaľej ?

#11 Příspěvek od **Caroprd111** » 27 pro 2010 17:48

Pokračujte podle návodu: http://www.bleepingcomputer.com/combofi ... t-combofix

Narfyk · #12 Příspěvek od **Narfyk** » 27 pro 2010 18:10

CF Log:
ComboFix 10-12-26.01 - Admin . 12. 2010 17:59:47.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.2991.1853 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpoFeedb.dll
C:\Thumbs.db
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.

2010-12-27 17:04 . 2010-12-27 17:06 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-12-27 17:04 . 2010-12-27 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-27 16:36 . 2010-12-27 16:36 -------- d-----w- C:\_OTL
2010-12-27 15:56 . 2010-12-27 15:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-27 15:03 . 2010-12-27 15:59 -------- d-----w- c:\programdata\Symantec
2010-12-27 15:03 . 2010-12-27 15:59 -------- d-----w- c:\programdata\Norton
2010-12-27 14:44 . 2010-12-27 14:44 108032 --sha-r- c:\windows\system32\nlmsprepu.dll
2010-12-25 14:38 . 2010-12-25 14:38 6475776 ----a-w- c:\windows\system32\PSP VintageWarmer2.dll
2010-12-25 10:52 . 2010-12-25 10:52 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-24 11:21 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDE416CF-8810-4E90-BCB7-0099DFE8F733}\mpengine.dll
2010-12-23 14:50 . 2010-12-23 14:50 -------- d-----w- c:\program files\coolpro2
2010-12-23 14:45 . 2010-12-26 15:48 -------- d-----w- C:\Temp
2010-12-22 16:42 . 2010-12-22 16:42 -------- d-----w- c:\users\Admin\AppData\Local\Native Instruments
2010-12-22 16:42 . 2010-12-22 16:42 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-12-20 18:16 . 2010-12-20 18:16 -------- d-----w- c:\program files\Common Files\Skype
2010-12-16 13:06 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 13:06 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 13:06 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 13:06 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 13:06 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 13:06 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 12:59 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 12:53 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 12:51 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 12:51 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 12:51 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-16 12:50 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-16 12:50 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-14 06:29 . 2010-12-14 06:30 -------- d-----w- c:\windows\WindowsMobile
2010-12-13 20:49 . 2010-12-13 20:49 -------- d-----w- c:\users\Admin\AppData\Local\NextUp
2010-12-13 20:49 . 2010-12-13 20:49 -------- d-----w- c:\programdata\NextUp
2010-12-06 18:10 . 2010-12-06 18:10 -------- d-----w- c:\programdata\Electronic Arts
2010-12-06 18:10 . 2010-12-06 18:10 -------- d-----w- c:\programdata\EA Core
2010-12-06 18:00 . 2010-12-06 18:00 -------- d-----w- c:\programdata\Solidshield
2010-12-03 13:10 . 2010-12-03 13:10 -------- d-----w- c:\programdata\Creative Labs
2010-12-03 13:05 . 2010-12-03 14:41 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-12-03 13:01 . 2010-12-03 13:05 -------- d--h--w- c:\program files\Creative Installation Information
2010-11-30 13:24 . 2010-11-30 13:24 -------- d-----w- c:\programdata\YAMAHA
2010-11-27 21:11 . 2010-11-27 21:11 -------- d-----w- c:\program files\Vstplugins

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 20:27 . 2010-10-26 18:48 165232 ---ha-w- c:\users\Admin\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-11-26 13:23 . 2010-11-26 13:23 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-11-15 19:34 . 2010-11-15 19:34 169320 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-10-27 12:28 . 2010-12-25 10:55 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-19 09:41 . 2010-07-28 14:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-01 10:41 . 2010-10-01 10:41 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-05 254520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-12-03 495711]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-25 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Hercules DJ Series"="d:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-07-09 505128]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 94720]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-08-23 1691192]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-28 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2009-07-08 126464]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-07-08 124416]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-08-05 886912]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1343400]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2009-08-04 33736]
R4 Ipprgp;Ipprgp;c:\windows\system32\drivers\btwl2cap.sys [2009-09-17 29472]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-08 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-18 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;d:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-01-08 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-05 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 TeamViewer5;TeamViewer 5;d:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-18 5586944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-18 210432]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jumpstyle.sk/
mStart Page = hxxp://www.bing.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h3sxwii9.default\
FF - prefs.js: browser.startup.homepage - hxxp://jumpstyle.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5168)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
d:\virtualpc\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-12-27 18:08:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-27 17:08

Pre-Run: 22 613 127 168 bytes free
Post-Run: 22 307 414 016 bytes free

- - End Of File - - C7840D774791E49F38125F1BF96FC3C0

Ešte chcem dodať, že k infekcii došlo o 15:44. A chcem sa spýtať, prečo sa mi niekedy vtvarajú súbory Thumbs.db ?

#13 Příspěvek od **Caroprd111** » 27 pro 2010 18:56

http://forum.zive.cz/viewtopic.php?f=916&t=931228

Jak se chová PC?

Narfyk · #14 Příspěvek od **Narfyk** » 27 pro 2010 19:03

PC sa choval aj predtým normálne. On by ostal zavírený. Ale brat mi chcel ukázať čo spustil a cracku nikde, tak ma napadlo otvoriť Task Manager.
Myslím že to je všetko, mám dať ešte pre istotu RSIT Log na kontrolu ?

#15 Příspěvek od **Caroprd111** » 27 pro 2010 19:50

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

Spusťte.
Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

Dejte nový log z RSIT.

VIRY.CZ

Možný vír v PC

Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC

Re: Možný vír v PC