svchost.exe has stopped working

Posted: 30 Dec 2010 13:27
by TokytoCZ
After startup, Windows shows me a message that svchost.exe has stopped working. Does anyone know what I should do about it, please? :(

Thanks in advance for your help.




Logfile of random's system information tool 1.08 (written by random/random)
Run by Tokyto at 2010-12-30 13:23:17
Microsoft Windows 7 Ultimate
System drive C: has 12 GB (4%) free of 305 GB
Total RAM: 2046 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:23:18, on 30.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QIP Infium\infium.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Users\Tokyto\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tokyto.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [dll] C:\Users\Tokyto\AppData\Roaming\dll\svchost.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tokyto\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{76408C75-C11F-4AFC-9C77-C4289F0CC8DE}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files (x86)\GameTracker\GSInGameService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11732 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\GameTracker\GSInGameService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Tunngle\TnglCtrl.exe"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:1588
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\QIP Infium\infium.exe" /autorun
WLIDSvcM.exe 2144
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\Steam\Steam.exe" -silent
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
"C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Users\Tokyto\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\Xfire\Xfire.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-64a0291a-2695-4c08-a5ad-5b223184f99e -SystemEventPortName:HostProcess-0196cf1f-1b40-401d-b10d-a790e7e5fc2e -IoCancelEventPortName:HostProcess-36f9c871-9e9a-4f1d-9ce9-ae0db8d25947 -NonStateChangingEventPortName:HostProcess-516da4f0-3409-4899-9886-727d30433542 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5fa29fa0-9742-4ec3-b19a-82d09e286a2a
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\Xfire\Xfire.exe" C:\Program Files (x86)\Xfire\Xfire.exe/uac 3204
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 4908
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Java\jre6\bin\javaw.exe" -Xms512m -Xmx1024m -jar "C:\Users\Tokyto\Desktop\Minecraft.exe"
C:\Windows\system32\msiexec.exe /V
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlExHlper.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=5248.035B6600.801164528 /prefetch:3
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\8.0.552.224\gcswf32.dll" --lang=cs --plugin-data-dir="C:\Users\Tokyto\AppData\Local\Google\Chrome\User Data\Default" --channel=5248.0A3A544C.1434777210 /prefetch:4
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Tokyto\Downloads\RSITx64 (1).exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-06 48080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2716216]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Infium"=C:\Program Files (x86)\QIP Infium\infium.exe [2010-09-06 5896656]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"dll"=C:\Users\Tokyto\AppData\Roaming\dll\svchost.exe [2010-06-24 139776]
""= []
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-10-11 14940040]
"Google Update"=C:\Users\Tokyto\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-26 135664]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2010-11-17 1242448]
"DriverMax"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"DriverMax_RESTART"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 908160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

C:\Users\Tokyto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-12-30 13:06:37 ----SHD---- C:\Config.Msi
2010-12-30 12:50:44 ----A---- C:\Windows\ntbtlog.txt
2010-12-29 19:19:45 ----A---- C:\Windows\system32\RtNicProp64.dll
2010-12-29 19:19:45 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2010-12-29 19:19:42 ----D---- C:\Program Files (x86)\Realtek
2010-12-29 19:10:58 ----D---- C:\ProgramData\Sun
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\java.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-12-29 18:43:11 ----D---- C:\Users\Tokyto\AppData\Roaming\.minecraft
2010-12-28 20:28:49 ----D---- C:\Program Files (x86)\Trend Micro
2010-12-18 23:02:34 ----D---- C:\Program Files (x86)\A1 WMA Tools
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudPlayer.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioVisu.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioRecord.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioInfos.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\VB6STKIT.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\VB6FR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\TABCTFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\MSCMCFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\Mscc2fr.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\inetfr.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\CMDLGFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudFile.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudDisplay.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudDesign.dll
2010-12-18 22:57:02 ----D---- C:\Users\Tokyto\AppData\Roaming\FreeAudioPack
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTWMAFile2.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTWMAFile.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioPlayer.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioInformation2.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioFile.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\msvcr70.dll
2010-12-18 14:09:09 ----D---- C:\Program Files (x86)\NAVIGON
2010-12-16 16:00:59 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-16 16:00:59 ----A---- C:\Windows\system32\tzres.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\schtasks.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 16:00:46 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 16:00:45 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-16 16:00:45 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-16 16:00:45 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 16:00:40 ----A---- C:\Windows\system32\win32k.sys
2010-12-16 16:00:35 ----A---- C:\Windows\system32\webio.dll
2010-12-16 16:00:34 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-16 16:00:32 ----A---- C:\Windows\system32\consent.exe
2010-12-16 16:00:31 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 16:00:31 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 16:00:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-16 16:00:30 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 16:00:30 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 16:00:28 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-16 16:00:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-16 16:00:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-16 16:00:25 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-16 16:00:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 16:00:23 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 16:00:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-14 19:43:50 ----D---- C:\Users\Tokyto\AppData\Roaming\zaloha minecraftů

======List of files/folders modified in the last 1 months======

2010-12-30 13:23:19 ----D---- C:\Windows\Temp
2010-12-30 13:23:18 ----D---- C:\Program Files\trend micro
2010-12-30 13:21:21 ----D---- C:\Windows\WindowsMobile
2010-12-30 13:21:15 ----RD---- C:\Program Files (x86)
2010-12-30 13:20:40 ----D---- C:\Program Files (x86)\VstPlugins
2010-12-30 13:20:40 ----D---- C:\Program Files (x86)\Image-Line
2010-12-30 13:19:13 ----D---- C:\Users\Tokyto\AppData\Roaming\Skype
2010-12-30 13:18:37 ----D---- C:\Windows\SysWOW64
2010-12-30 13:18:21 ----D---- C:\Program Files (x86)\Quick Memory Editor
2010-12-30 13:18:06 ----HD---- C:\ProgramData
2010-12-30 13:15:08 ----SHD---- C:\Windows\Installer
2010-12-30 13:13:59 ----SHD---- C:\System Volume Information
2010-12-30 13:11:30 ----D---- C:\Program Files (x86)\Handbrake
2010-12-30 13:09:48 ----D---- C:\Program Files (x86)\URUSoft
2010-12-30 13:09:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-12-30 13:09:07 ----D---- C:\Users\Tokyto\AppData\Roaming\Mozilla
2010-12-30 13:06:39 ----D---- C:\Windows\system32\Tasks
2010-12-30 13:05:52 ----D---- C:\Program Files (x86)\Common Files
2010-12-30 13:05:46 ----D---- C:\Windows\system32\config
2010-12-30 13:04:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-30 13:04:25 ----RD---- C:\Program Files
2010-12-30 13:02:46 ----D---- C:\Program Files (x86)\Steam
2010-12-30 13:02:12 ----D---- C:\ProgramData\NVIDIA
2010-12-30 13:01:54 ----D---- C:\Windows
2010-12-30 13:00:11 ----D---- C:\Program Files (x86)\Zombie Driver
2010-12-30 12:28:25 ----D---- C:\Users\Tokyto\AppData\Roaming\skypePM
2010-12-30 12:26:53 ----D---- C:\Windows\System32
2010-12-29 20:30:05 ----D---- C:\Program Files (x86)\League of Legends
2010-12-29 19:20:22 ----D---- C:\Windows\system32\drivers
2010-12-29 19:20:21 ----D---- C:\Windows\inf
2010-12-29 19:20:15 ----D---- C:\Windows\system32\catroot
2010-12-29 19:20:15 ----D---- C:\Windows\Prefetch
2010-12-29 19:20:13 ----D---- C:\Windows\system32\DriverStore
2010-12-29 19:10:44 ----D---- C:\Program Files (x86)\Java
2010-12-29 15:56:48 ----D---- C:\Users\Tokyto\AppData\Roaming\Xfire
2010-12-27 19:50:59 ----D---- C:\temp
2010-12-27 16:31:00 ----D---- C:\Program Files (x86)\JDownloader
2010-12-26 20:00:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-25 21:20:23 ----D---- C:\ProgramData\Xfire
2010-12-18 23:15:55 ----D---- C:\Users\Tokyto\AppData\Roaming\uTorrent
2010-12-18 23:00:49 ----D---- C:\Program Files (x86)\ImTOO
2010-12-18 16:01:17 ----D---- C:\Windows\rescache
2010-12-17 13:18:29 ----D---- C:\Windows\winsxs
2010-12-17 13:17:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-17 13:17:40 ----D---- C:\Windows\system32\cs-CZ
2010-12-17 13:17:37 ----D---- C:\Windows\SYSWOW64\migration
2010-12-17 13:17:37 ----D---- C:\Program Files\Windows Mail
2010-12-17 13:17:37 ----D---- C:\Program Files\Internet Explorer
2010-12-17 13:17:37 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-17 13:17:37 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-17 13:17:36 ----D---- C:\Windows\system32\migration
2010-12-16 23:19:42 ----D---- C:\ProgramData\Microsoft Help
2010-12-16 23:14:27 ----A---- C:\Windows\system32\MRT.exe
2010-12-16 21:11:23 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-12-16 21:11:14 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2010-12-16 20:53:13 ----D---- C:\Program Files (x86)\EA GAMES
2010-12-16 16:00:07 ----D---- C:\Windows\system32\catroot2
2010-12-15 18:52:27 ----D---- C:\ProgramData\Tunngle
2010-12-15 18:52:26 ----D---- C:\Users\Tokyto\AppData\Roaming\Tunngle
2010-12-13 21:13:27 ----D---- C:\Program Files (x86)\Tunngle

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-26 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 145336]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 ascj35jf;ascj35jf; C:\Windows\system32\drivers\ascj35jf.sys []
S3 axly2r5t;axly2r5t; C:\Windows\system32\drivers\axly2r5t.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files (x86)\GameTracker\GSInGameService.exe [2009-12-10 1643872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 989800]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-12-16 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-12-16 189248]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-18 1394504]
R2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-17 403240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 23296]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-30 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]

-----------------EOF-----------------

Re: svchost.exe has stopped working

Posted: 30 Dec 2010 13:43
by vyosek
Hello, and I wish you a nice day :)

You have got that nicely infected with viruses.

Please also post the second RSIT log, named info.txt; it is saved in c:\rsit

I assume your NOD32 is legal = a purchased licence?

Re: svchost.exe has stopped working

Posted: 30 Dec 2010 14:00
by TokytoCZ
my nod32 is not legal, but I keep it updated....



info.txt logfile of random's system information tool 1.08 2010-08-15 12:47:26

======Uninstall list======

-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
ACE Mega CoDecS Pack-->"C:\Program Files (x86)\ACE Mega CoDecS Pack\unins000.exe"
Active@ DVD Eraser v 1.1-->"C:\Program Files (x86)\LSoft Technologies\Active DVD Eraser\UNWISE.EXE" "C:\Program Files (x86)\LSoft Technologies\Active DVD Eraser\INSTALL.LOG"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Aliens vs. Predator-->"C:\Program Files (x86)\Aliens vs. Predator\Uninstall\unins000.exe"
Angelfish-->MsiExec.exe /I{96A0C0F3-981F-4C99-8A33-79EE86D3DF62}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ARMA 2 Operation Arrowhead Uninstall-->C:\Program Files (x86)\Bohemia Interactive\ArmA 2 Operation Arrowhead\UnInstall_OA.exe
ArmA II Launcher-->MsiExec.exe /I{3D0E749F-896D-4E74-88CC-8CE1771B5172}
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
Avidemux 2.5-->C:\Program Files (x86)\Avidemux 2.5\uninstall.exe
Azgard-->C:\Windows\WindowsMobile\Azgard\Uninstall.exe Azgard
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
BlackCoreLogic-->C:\Windows\WindowsMobile\BlackCoreLogic\Uninstall.exe BlackCoreLogic
Bombduck-->C:\Windows\WindowsMobile\Bombduck\Uninstall.exe Bombduck
Burn Zombie Burn!-->"C:\Program Files (x86)\P2 Games\Burn Zombie Burn\unins000.exe"
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.5 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{750C87B8-AF19-4C3C-B791-50D9C83AE572}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 2 Patch 1.3-->C:\Program Files (x86)\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe /U "C:\Program Files (x86)\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.log"
Call Of Duty(R) 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DBECFA83-42DC-4585-A970-A764AB01A956}\setup.exe" -l0x5
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Centrum zařízení Windows Mobile-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}
CINEMA 4D 11.514-->"C:\Program Files\MAXON\CINEMA 4D R11.5\CINEMA 4D 64 Bit.exe" "C:\Program Files\MAXON\CINEMA 4D R11.5\resource\install20100316_163337.log" -uninstall
Cities XL-->C:\Program Files (x86)\Monte Cristo\Cities XL\uninst.exe
COD2 Multiplayer-->C:\Windows\WindowsMobile\COD2 Multiplayer\Uninstall.exe COD2 Multiplayer
Counter-Strike: Source-->C:\Program Files (x86)\Counter-Strike Source\Uninst.exe
Crazy Machines II-->MsiExec.exe /I{30433BBA-5358-4B41-817E-E694092DC178}
Deckadance-->C:\Program Files (x86)\VstPlugins\Deckadance\uninstall.exe
DirectWave-->C:\Program Files (x86)\VstPlugins\DirectWave\uninstall.exe
DriverMax 5-->"C:\Program Files (x86)\Innovative Solutions\DriverMax\unins000.exe"
Drumaxx-->C:\Program Files (x86)\Image-Line\Drumaxx\uninstall.exe
DX10-->C:\Program Files (x86)\Image-Line\DX10\uninstall.exe
Edison-->C:\Program Files (x86)\Image-Line\Edison\uninstall.exe
EVEREST Ultimate Edition v5.02-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
ExplodeArena-->C:\Windows\WindowsMobile\ExplodeArena\Uninstall.exe ExplodeArena
FL Studio 9-->C:\Program Files (x86)\Image-Line\FL Studio 9\uninstall.exe
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Foxit Toolbar-->"C:\Program Files (x86)\AskBarDis\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
FreeCommander 2009.02a-->"C:\Program Files (x86)\FreeCommander\unins000.exe"
GamePark-->"C:\Program Files (x86)\GamePark\unins000.exe"
GameTracker Lite-->C:\Program Files (x86)\GameTracker\gametracker-uninst.exe
Garena 2010-->C:\Program Files (x86)\Garena\uninst.exe
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Gtk# 2.12 Runtime-->MsiExec.exe /X{1EEB8931-A192-42E6-AC50-9BA046E2E9DD}
Hardcore-->C:\Program Files (x86)\Image-Line\Hardcore\uninstall.exe
HLSW v1.3.1-->"C:\Program Files (x86)\HLSW\unins000.exe"
HyperLobby client-->MsiExec.exe /I{A78B4E16-FCEC-41FE-9ED3-A5AC6D5B8B60}
Cheat Engine 5.6-->"C:\Program Files (x86)\Cheat Engine\unins000.exe"
ICQ Toolbar-->C:\Program Files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
IL Autogun-->C:\Program Files (x86)\Image-Line\IL Autogun\uninstall.exe
IL Download Manager-->C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe
IL DrumSynth Live-->C:\Program Files (x86)\Image-Line\IL DrumSynth Live\uninstall.exe
IL Gross Beat-->C:\Program Files (x86)\Image-Line\IL Gross Beat\uninstall.exe
IL Harmless-->C:\Program Files (x86)\Image-Line\IL Harmless\uninstall.exe
IL Juice Pack-->C:\Program Files (x86)\Image-Line\IL Juice Pack\uninstall.exe
IL Ogun-->C:\Program Files (x86)\Image-Line\IL Ogun\uninstall.exe
IL Slicex-->C:\Program Files (x86)\Image-Line\IL Slicex\uninstall.exe
IL Vocodex-->C:\Program Files (x86)\Image-Line\IL Vocodex\uninstall.exe
ImTOO AVI MPEG Converter-->C:\Program Files (x86)\ImTOO\AVI MPEG Converter\Uninstall.exe
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
LEGO® Harry Potter™: Years 1-4-->MsiExec.exe /X{C5A8DF48-580B-44D3-B2B2-E965A9368F28}
Leo's Flight Simulator V1.0-->"C:\Program Files (x86)\Leo's Flight Simulator\DIAMOND\unins000.exe"
Mafia II - Demo-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/50280
Maximus-->C:\Program Files (x86)\Image-Line\Maximus\uninstall.exe
Mean Hamster Software Riven-->"C:\Windows\epsuninst.exe" "C:\Program Files (x86)\Riven\uninst.dat"
Medal of Honor™ MP Beta-->MsiExec.exe /X{A64479BE-7DB6-4B07-87B9-70AD85B7EAD2}
Men of War (Remove Only)-->"C:\Program Files (x86)\505games\1C\Men of War\unins000.exe"
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files (x86)\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-1000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-1000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-1000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-1000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-1000-0000000FF1CE}
Microsoft Office Office 32-bit Components 2010-->MsiExec.exe /X{90140000-0043-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-1000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-1000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-1000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-1000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-1000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-1000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-1000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (English) 2010-->MsiExec.exe /X{90140000-0043-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-1000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-1000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-1000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Morphine-->C:\Program Files (x86)\Image-Line\Morphine\uninstall.exe
Mount&Blade Warband-->C:\Program Files (x86)\Mount&Blade Warband\uninstall.exe
Mozilla Firefox (3.6.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OblivionOnline-->MsiExec.exe /I{0B1CB25C-97C8-4998-8C09-6A0EB7C38AF9}
OmniGSoft Mini-Aquabike 1.1 for Pocket PC-->C:\Windows\WindowsMobile\OmniGSoft Mini-Aquabike 1.1 for Pocket PC\Uninstall.exe OmniGSoft Mini-Aquabike 1.1 for Pocket PC
OmniGSoft Mini-Dogfight 1.5 for Pocket PC-->C:\Windows\WindowsMobile\OmniGSoft Mini-Dogfight 1.5 for Pocket PC\Uninstall.exe OmniGSoft Mini-Dogfight 1.5 for Pocket PC
OmniGSoft Mini-Jetfight 1.2 for Pocket PC-->C:\Windows\WindowsMobile\OmniGSoft Mini-Jetfight 1.2 for Pocket PC\Uninstall.exe OmniGSoft Mini-Jetfight 1.2 for Pocket PC
OmniGSoft Mini-Kayak 1.1 for Pocket PC-->C:\Windows\WindowsMobile\OmniGSoft Mini-Kayak 1.1 for Pocket PC\Uninstall.exe OmniGSoft Mini-Kayak 1.1 for Pocket PC
OmniGSoft Mini-Sportsbike 1.1 for Pocket PC-->C:\Windows\WindowsMobile\OmniGSoft Mini-Sportsbike 1.1 for Pocket PC\Uninstall.exe OmniGSoft Mini-Sportsbike 1.1 for Pocket PC
OmniGSoft Mini-TransCanada 1.3 for Pocket PC-->C:\Windows\WindowsMobile\OmniGSoft Mini-TransCanada 1.3 for Pocket PC\Uninstall.exe OmniGSoft Mini-TransCanada 1.3 for Pocket PC
OmniGSoft SportsVehicleLib 1.2 for Pocket PC-->C:\Windows\WindowsMobile\OmniGSoft SportsVehicleLib 1.2 for Pocket PC\Uninstall.exe OmniGSoft SportsVehicleLib 1.2 for Pocket PC
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{824BADF8-9A1B-4D07-8817-8DDDC8543F23}
Patch 1.17.5 for "Men of War"-->"C:\Program Files (x86)\unins000.exe"
PoiZone-->C:\Program Files (x86)\Image-Line\PoiZone\uninstall.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Sakura-->C:\Program Files (x86)\Image-Line\Sakura\uninstall.exe
Sawer-->C:\Program Files (x86)\Image-Line\Sawer\uninstall.exe
Shadowgrounds Survivor-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1DBF869D-6B07-4041-94C7-90E32D3CDD01}\SETUP.EXE" -l0x9 -removeonly
SimSynth-->C:\Program Files (x86)\Image-Line\SimSynth\uninstall.exe
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sniper Ghost Warrior™-->"C:\Program Files (x86)\X-pack\Sniper Ghost Warrior™\unins001.exe"
Sorian AI Mod 2.0.0-->"C:\Program Files (x86)\Sorian AI Mod\unins000.exe"
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold 2 Deluxe-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Subtitle Workshop 2.51-->"C:\Program Files (x86)\URUSoft\Subtitle Workshop\uninstall.exe"
Supreme Commander - Forged Alliance-->C:\Program Files (x86)\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
Sytrus-->C:\Program Files (x86)\Image-Line\Sytrus\uninstall.exe
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
TeamViewer 5-->C:\Program Files (x86)\TeamViewer\Version5\uninstall.exe
The Battle for Middle-earth (tm) II-->C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x5 -removeonly
Titan Quest-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Toxic Biohazard-->C:\Program Files (x86)\Image-Line\Toxic Biohazard\uninstall.exe
TuneUp Utilities-->C:\Program Files (x86)\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Tunngle beta-->"C:\Program Files (x86)\Tunngle\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UE3Redist-->MsiExec.exe /X{6530FDAA-5B1F-4830-95BB-650E9804D239}
Ultima Online: Mondain's Legacy-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}\setup.exe" -l0x9 -removeonly
Undercroft-->C:\Windows\WindowsMobile\Undercroft\Uninstall.exe Undercroft
Update 1.11.3.1 for "Men of War"-->C:\Program Files (x86)\505games\1C\Men of War\unins000.exe
Uploader 1.0-->"C:\Program Files (x86)\Share Rapid Uploader\unins000.exe"
Virtual Pool Mobile-->C:\Windows\WindowsMobile\Virtual Pool Mobile\Uninstall.exe Virtual Pool Mobile
VLC media player 1.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Warfare Incorporated(TM) for Pocket PC-->C:\Windows\unvise32.exe C:\Program Files (x86)\Handmark\Warfare Incorporated for Pocket PC\uninstal.log
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
Wise Registry Cleaner Free 5.12-->"C:\Program Files (x86)\Wise Registry Cleaner\unins000.exe"
Worms for Pocket PC-->C:\Windows\unvise32.exe C:\Program Files (x86)\Jamdat\Worms Pocket PC\uninstal.log
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
Zombie Driver 1.0.3-->C:\Program Files (x86)\Zombie Driver\uninst.exe

======System event log======

Computer Name: Tokyto-PC
Event Code: 20010
Message: Došlo ke změně jednoho nebo více podsystémů služby Plug and Play.

Povolený instalační podsystém služby PlugPlay: 'true'
Povolený podsystém mezipaměti služby PlugPlay: 'true'

Record Number: 1320
Source Name: Microsoft-Windows-UserPnp
Time Written: 20100127141708.102841-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Tokyto-PC
Event Code: 7036
Message: Stav služby Plug and Play byl změněn na: Spuštěno
Record Number: 1319
Source Name: Service Control Manager
Time Written: 20100127141708.102841-000
Event Type: Informace
User:

Computer Name: Tokyto-PC
Event Code: 26
Message: Procesor 1 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 1
stavy činnosti: 4
stavy omezení: 8
Record Number: 1318
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20100127141655.950420-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Tokyto-PC
Event Code: 26
Message: Procesor 0 ve skupině 0 uvádí následující informace:

stavy nečinnosti: 1
stavy činnosti: 4
stavy omezení: 8
Record Number: 1317
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20100127141655.934820-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Tokyto-PC
Event Code: 6
Message: Filtr systému souborů FileInfo (verze 6.1, 2009-07-14T00:34:25.000000000Z) byl úspěšně načten a zaregistrován ve Správci filtrů.
Record Number: 1316
Source Name: Microsoft-Windows-FilterManager
Time Written: 20100127141650.350010-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 900
Message: Služba Ochrana softwaru se spouští.

Record Number: 5
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100126161448.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100126161247.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100126161245.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100126161241.053295-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100126161241.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100126161223.830865-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100126161223.830865-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x3214b
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100126161223.534465-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100126161222.114862-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100126161222.068062-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=c:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\GtkSharp\Runtime\bin;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"GTK_BASEPATH"=C:\Program Files (x86)\GtkSharp\Runtime\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: svchost.exe stopped working

Posted: 30 Dec 2010 14:45
by vyosek
However, per the forum rules (see here and here, point c.3), we do not deal with illegal software, since illegal programs are mostly a source of malware. Moreover, you are also infringing copyright and committing a criminal offence, which as such will not be supported by our forum. Keep in mind that you are on a security forum - supporting warez (especially of security programs) would go entirely against the logic of the forum :!:
So obtain legal protection for your PC (at least an antivirus), then post a new log from RSIT, CKScanner and WVCheck here - see below. Also uninstall all illegal software :!:

Personally I recommend Avast or Avira. You can find an overview of antivirus programs HERE.

:arrow: RSIT log - see my signature
:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here for me
Caroprd111 wrote: Download and run WVCheck.exe or WVCheck.zip
  • Press "Enter".
  • The program will start scanning the PC; the scan time depends on the number (size) of files, but it usually takes no longer than 5 minutes.
  • When the scan finishes, a log will pop up; paste it into the topic. The log is also saved on the desktop.

Re: svchost.exe stopped working

Posted: 30 Dec 2010 15:13
by TokytoCZ
I downloaded and ran the program, it is creating the log now..., at the same time I am scanning the PC with an antivirus... it has not found anything so far

Thank you for the help

Re: svchost.exe stopped working

Posted: 30 Dec 2010 15:16
by vyosek
With which antivirus, that illegal NOD? :o There is no need to scan, I can see the malware on the PC... But I will remove it only once I see an RSIT log that shows Avast or Avira and not that illegal NOD...

Re: svchost.exe stopped working

Posted: 30 Dec 2010 15:36
by TokytoCZ
Windows Validation Check
Version: 1.9.11.4
Log Created On: 1511_30-12-2010
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2010-12-30 11:28:39
Last Success Time for Update Download: 2010-12-30 11:29:12
Last Success Time for Update Installation: 2010-12-30 11:31:04


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - e8b0ffc209e504cb7e79fc24e6c085f0


-------- End of File, program close at 1534_30-12-2010 --------

Re: svchost.exe stopped working

Posted: 30 Dec 2010 15:41
by vyosek
Fine, I would also like the logs from CKScanner and RSIT - but with a legal AV (Avast or Avira)

Re: svchost.exe stopped working

Posted: 30 Dec 2010 16:11
by TokytoCZ
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\activision\call of duty - world at war\detail_maps\concrete\tiny_cracks_n.tga
c:\program files (x86)\activision\call of duty - world at war\detail_maps\terrain\dry_cracked_n.tga
c:\program files (x86)\activision\call of duty - world at war\raw\fx\misc\fx_snow_ice_crack_puff.efx
c:\program files (x86)\activision\call of duty - world at war\raw\materials\berlin_wall_concrete_cracked_peeling
c:\program files (x86)\activision\call of duty - world at war\raw\materials\berlin_wall_concrete_grungy_cracks
c:\program files (x86)\activision\call of duty - world at war\raw\materials\berlin_wall_plaster_two_tone_crack
c:\program files (x86)\activision\call of duty - world at war\raw\materials\decal_brick_crack
c:\program files (x86)\activision\call of duty - world at war\raw\materials\decal_concrete_crack1
c:\program files (x86)\activision\call of duty - world at war\raw\materials\decal_crack1
c:\program files (x86)\activision\call of duty - world at war\raw\materials\decal_damcrack
c:\program files (x86)\activision\call of duty - world at war\raw\materials\makin_terrain_dirt_cracked_mud_blend
c:\program files (x86)\activision\call of duty - world at war\raw\materials\makin_terrain_dirt_cracked_mud_blend_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\makin_wall_concrete_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\materials\makin_wall_concrete_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\makin_wall_concrete_grungy_cracks
c:\program files (x86)\activision\call of duty - world at war\raw\materials\makin_wall_concrete_grungy_cracks_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\mtl_dest_berlin_glass_crack
c:\program files (x86)\activision\call of duty - world at war\raw\materials\okinawa_trim_wood_plain_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\materials\okinawa_trim_wood_plain_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\okinawa_wall_concrete_grey_cracks
c:\program files (x86)\activision\call of duty - world at war\raw\materials\okinawa_wall_concrete_grey_cracks_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\okinawa_wall_concrete_grey_cracks_wet
c:\program files (x86)\activision\call of duty - world at war\raw\materials\okinawa_wall_concrete_grey_cracks_wet_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_asphalt_runway_crack
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_asphalt_runway_crack_blend
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_asphalt_runway_crack_blend_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_asphalt_runway_crack_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_dirt_packed_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_dirt_packed_cracked_blend
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_dirt_packed_cracked_blend_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_terrain_dirt_packed_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_wall_concrete_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\materials\peleliu_wall_concrete_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\materials\seelow_decal_trim_wood_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\berlin_wall_concrete_cracked_peeling
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\berlin_wall_concrete_grungy_cracks
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\berlin_wall_plaster_two_tone_crack
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\decal_brick_crack
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\decal_concrete_crack1
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\decal_crack1
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\decal_damcrack
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\makin_terrain_dirt_cracked_mud_blend
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\makin_terrain_dirt_cracked_mud_blend_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\makin_wall_concrete_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\makin_wall_concrete_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\makin_wall_concrete_grungy_cracks
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\makin_wall_concrete_grungy_cracks_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\mtl_dest_berlin_glass_crack
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\okinawa_trim_wood_plain_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\okinawa_trim_wood_plain_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\okinawa_wall_concrete_grey_cracks
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\okinawa_wall_concrete_grey_cracks_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\okinawa_wall_concrete_grey_cracks_wet
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\okinawa_wall_concrete_grey_cracks_wet_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_asphalt_runway_crack
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_asphalt_runway_crack_blend
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_asphalt_runway_crack_blend_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_asphalt_runway_crack_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_dirt_packed_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_dirt_packed_cracked_blend
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_dirt_packed_cracked_blend_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_terrain_dirt_packed_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_wall_concrete_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\peleliu_wall_concrete_cracked_noscorch
c:\program files (x86)\activision\call of duty - world at war\raw\material_properties\seelow_decal_trim_wood_cracked
c:\program files (x86)\activision\call of duty - world at war\raw\weapons\sp\zombie_knuckle_crack
c:\program files (x86)\garena\plugins\ui\avoidcrackplugin.dll
c:\program files (x86)\image-line\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files (x86)\imtoo\avi mpeg converter\script\crack.js
c:\program files (x86)\mount&blade warband\modules\1866_mp_v3\textures\cracked_ground_a.dds
c:\program files (x86)\mount&blade warband\modules\1866_mp_v3\textures\cracked_ground_a_high.dds
c:\program files (x86)\mount&blade warband\modules\1866_mp_v5\textures\cracked_ground_a.dds
c:\program files (x86)\mount&blade warband\modules\1866_mp_v5\textures\cracked_ground_a_high.dds
c:\program files (x86)\mount&blade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack3x2_1
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack3x2_2
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack3x2_3
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack3x2_4
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack5x3_1
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack5x3_2
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack5x3_3
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack5x3_4
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack7x2_1
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack7x4_1
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-lava\lavacracks\lavacrack7x5_1
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-snow\trees\crackedspruce01
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-snow\trees\crackedspruce02
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-snow\trees\crackedspruce03
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-snow\trees\crackedspruce04
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-snow\trees\crackedspruce05
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmapobjectlink\mapobjects\_(advmapobjectlink)\objects-snow\trees\crackedtree
c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\editor\iconcache\advmaptile\mapobjects\_(advmaptile)\sand\sand_cracked
c:\users\tokyto\desktop\bia_v3.1.6_crackfix.apk
c:\users\tokyto\desktop\keygen.exe
c:\users\tokyto\desktop\mafia2crackv2.rar
c:\users\tokyto\desktop\mowcrack1175.rar
c:\users\tokyto\desktop\ostatní\moje!\games\cod\cod4\cod4 keygen.exe
c:\users\tokyto\desktop\ostatní\moje!\games\fa\neni mozny\zaloha\crack\forgedalliance.exe
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrack.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmapalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmapalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmapalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmapalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmapalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmaplightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmaplightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmappointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackenvmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcracklightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcracklightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmapalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmapalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmapalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmapalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmapalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmaplightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmaplightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmappointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackenvmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetailcrackshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrack.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcracklightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\users\tokyto\documents\battlefield play4free\mods\main\cache\{d7b71e3e-4551-11cf-1e64-bc0a1cc2c535}_218318_4\rashaderstmbasedetaildirtcrackshadow.cfx
c:\users\tokyto\documents\imtoo software studio\avi mpeg converter\crack.js
c:\users\tokyto\documents\imtoo software studio\video converter ultimate\crack.js
c:\users\tokyto\downloads\empire_earth_2_-_full_with_crack_kg.3398923.tpb.torrent
c:\users\tokyto\downloads\eset nod32 keygen v1.2 by banny.h4ck www.kos0vadc.c0m.rar
c:\users\tokyto\downloads\mafia ii update + crack.rar
c:\users\tokyto\downloads\sid.meiers.civilization.v-skidrow-crackonly.5850241.tpb.torrent
scanner sequence 3.ZZ.11
----- EOF -----

Re: svchost.exe stopped working

Posted: 30 Dec 2010 16:11
by TokytoCZ
Logfile of random's system information tool 1.08 (written by random/random)
Run by Tokyto at 2010-12-30 16:04:10
Microsoft Windows 7 Ultimate
System drive C: has 16 GB (5%) free of 305 GB
Total RAM: 2046 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:04:19, on 30.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QIP Infium\infium.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
C:\Users\Tokyto\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\League of Legends\lol.launcher.exe
C:\Program Files (x86)\League of Legends\Air\LOLClient.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\trend micro\Tokyto.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [dll] C:\Users\Tokyto\AppData\Roaming\dll\svchost.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tokyto\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{76408C75-C11F-4AFC-9C77-C4289F0CC8DE}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files (x86)\GameTracker\GSInGameService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11982 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\GameTracker\GSInGameService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Tunngle\TnglCtrl.exe"
"C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe" /TUStart /pid:1588
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\QIP Infium\infium.exe" /autorun
WLIDSvcM.exe 2144
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\Steam\Steam.exe" -silent
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -agent
"C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Users\Tokyto\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\Xfire\Xfire.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-64a0291a-2695-4c08-a5ad-5b223184f99e -SystemEventPortName:HostProcess-0196cf1f-1b40-401d-b10d-a790e7e5fc2e -IoCancelEventPortName:HostProcess-36f9c871-9e9a-4f1d-9ce9-ae0db8d25947 -NonStateChangingEventPortName:HostProcess-516da4f0-3409-4899-9886-727d30433542 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5fa29fa0-9742-4ec3-b19a-82d09e286a2a
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\Xfire\Xfire.exe" C:\Program Files (x86)\Xfire\Xfire.exe/uac 3204
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 4908
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlExHlper.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Tokyto\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=868.0351F900.1991404222 /prefetch:3
"C:\Program Files (x86)\League of Legends\lol.launcher.exe"
Air\LOLClient.exe -runtime .\ -nodebug META-INF\AIR\application.xml .\ -- 8393
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe33_ Global\UsGthrCtrlFltPipeMssGthrPipe33 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
taskeng.exe {9D404BEF-0B0E-4861-8F72-4490E738011F}
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Tokyto\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-06 48080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Infium"=C:\Program Files (x86)\QIP Infium\infium.exe [2010-09-06 5896656]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"dll"=C:\Users\Tokyto\AppData\Roaming\dll\svchost.exe [2010-06-24 139776]
""= []
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-10-11 14940040]
"Google Update"=C:\Users\Tokyto\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-26 135664]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2010-11-17 1242448]
"DriverMax"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"DriverMax_RESTART"=C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe [2010-03-01 9216928]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-03-16 908160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

C:\Users\Tokyto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-12-30 16:01:22 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-30 16:01:22 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-30 16:01:21 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-30 16:01:19 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-30 16:01:14 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-30 16:00:40 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-12-30 15:59:23 ----D---- C:\ProgramData\Alwil Software
2010-12-30 15:59:23 ----D---- C:\Program Files\Alwil Software
2010-12-30 13:06:37 ----SHD---- C:\Config.Msi
2010-12-29 19:19:45 ----A---- C:\Windows\system32\RtNicProp64.dll
2010-12-29 19:19:45 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2010-12-29 19:19:42 ----D---- C:\Program Files (x86)\Realtek
2010-12-29 19:10:58 ----D---- C:\ProgramData\Sun
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\java.exe
2010-12-29 19:10:48 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-12-29 18:43:11 ----D---- C:\Users\Tokyto\AppData\Roaming\.minecraft
2010-12-28 20:28:49 ----D---- C:\Program Files (x86)\Trend Micro
2010-12-18 23:02:34 ----D---- C:\Program Files (x86)\A1 WMA Tools
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudPlayer.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioVisu.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioRecord.dll
2010-12-18 22:57:04 ----A---- C:\Windows\SYSWOW64\AudioInfos.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\VB6STKIT.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\VB6FR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\TABCTFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\MSCMCFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\Mscc2fr.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\inetfr.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\CMDLGFR.DLL
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudFile.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudDisplay.dll
2010-12-18 22:57:03 ----A---- C:\Windows\SYSWOW64\AudDesign.dll
2010-12-18 22:57:02 ----D---- C:\Users\Tokyto\AppData\Roaming\FreeAudioPack
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTWMAFile2.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTWMAFile.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioPlayer.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioInformation2.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\NCTAudioFile.dll
2010-12-18 22:38:15 ----A---- C:\Windows\SYSWOW64\msvcr70.dll
2010-12-18 14:09:09 ----D---- C:\Program Files (x86)\NAVIGON
2010-12-16 16:00:59 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-16 16:00:59 ----A---- C:\Windows\system32\tzres.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-16 16:00:54 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 16:00:54 ----A---- C:\Windows\system32\schtasks.exe
2010-12-16 16:00:54 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 16:00:46 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 16:00:45 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-16 16:00:45 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-16 16:00:45 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 16:00:40 ----A---- C:\Windows\system32\win32k.sys
2010-12-16 16:00:35 ----A---- C:\Windows\system32\webio.dll
2010-12-16 16:00:34 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-16 16:00:32 ----A---- C:\Windows\system32\consent.exe
2010-12-16 16:00:31 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 16:00:31 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 16:00:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-16 16:00:30 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 16:00:30 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 16:00:28 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-16 16:00:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-16 16:00:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-16 16:00:25 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 16:00:25 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-16 16:00:24 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 16:00:24 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-16 16:00:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-16 16:00:23 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 16:00:23 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 16:00:23 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-14 19:43:50 ----D---- C:\Users\Tokyto\AppData\Roaming\zaloha minecraftů

======List of files/folders modified in the last 1 months======

2010-12-30 16:04:21 ----D---- C:\Windows\Temp
2010-12-30 16:04:16 ----D---- C:\Program Files\trend micro
2010-12-30 16:03:20 ----D---- C:\Users\Tokyto\AppData\Roaming\skypePM
2010-12-30 16:03:02 ----D---- C:\Users\Tokyto\AppData\Roaming\Skype
2010-12-30 16:01:58 ----SHD---- C:\System Volume Information
2010-12-30 16:01:22 ----D---- C:\Windows\system32\drivers
2010-12-30 16:01:14 ----D---- C:\Windows\SysWOW64
2010-12-30 16:01:13 ----SHD---- C:\Windows\Installer
2010-12-30 16:01:01 ----D---- C:\Windows\winsxs
2010-12-30 16:01:00 ----D---- C:\Windows\system32\config
2010-12-30 16:00:41 ----D---- C:\Windows
2010-12-30 15:59:23 ----RD---- C:\Program Files
2010-12-30 15:59:23 ----HD---- C:\ProgramData
2010-12-30 15:59:23 ----D---- C:\Windows\system32\catroot2
2010-12-30 14:18:06 ----D---- C:\Program Files (x86)\League of Legends
2010-12-30 14:15:18 ----D---- C:\Windows\Minidump
2010-12-30 14:15:18 ----D---- C:\Windows\debug
2010-12-30 13:21:21 ----D---- C:\Windows\WindowsMobile
2010-12-30 13:21:15 ----RD---- C:\Program Files (x86)
2010-12-30 13:20:40 ----D---- C:\Program Files (x86)\VstPlugins
2010-12-30 13:20:40 ----D---- C:\Program Files (x86)\Image-Line
2010-12-30 13:18:57 ----D---- C:\Program Files (x86)\VideoLAN
2010-12-30 13:18:21 ----D---- C:\Program Files (x86)\Quick Memory Editor
2010-12-30 13:11:44 ----D---- C:\Program Files (x86)\Foxit Software
2010-12-30 13:11:30 ----D---- C:\Program Files (x86)\Handbrake
2010-12-30 13:09:48 ----D---- C:\Program Files (x86)\URUSoft
2010-12-30 13:09:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-12-30 13:09:07 ----D---- C:\Users\Tokyto\AppData\Roaming\Mozilla
2010-12-30 13:06:39 ----D---- C:\Windows\system32\Tasks
2010-12-30 13:05:52 ----D---- C:\Program Files (x86)\Common Files
2010-12-30 13:04:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-30 13:02:46 ----D---- C:\Program Files (x86)\Steam
2010-12-30 13:02:12 ----D---- C:\ProgramData\NVIDIA
2010-12-30 13:00:11 ----D---- C:\Program Files (x86)\Zombie Driver
2010-12-30 12:26:53 ----D---- C:\Windows\System32
2010-12-29 19:20:21 ----D---- C:\Windows\inf
2010-12-29 19:20:15 ----D---- C:\Windows\system32\catroot
2010-12-29 19:20:15 ----D---- C:\Windows\Prefetch
2010-12-29 19:20:13 ----D---- C:\Windows\system32\DriverStore
2010-12-29 19:10:44 ----D---- C:\Program Files (x86)\Java
2010-12-29 15:56:48 ----D---- C:\Users\Tokyto\AppData\Roaming\Xfire
2010-12-27 19:50:59 ----D---- C:\temp
2010-12-27 16:31:00 ----D---- C:\Program Files (x86)\JDownloader
2010-12-26 20:00:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-25 21:20:23 ----D---- C:\ProgramData\Xfire
2010-12-18 23:15:55 ----D---- C:\Users\Tokyto\AppData\Roaming\uTorrent
2010-12-18 23:00:49 ----D---- C:\Program Files (x86)\ImTOO
2010-12-18 16:01:17 ----D---- C:\Windows\rescache
2010-12-17 13:17:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-17 13:17:40 ----D---- C:\Windows\system32\cs-CZ
2010-12-17 13:17:37 ----D---- C:\Windows\SYSWOW64\migration
2010-12-17 13:17:37 ----D---- C:\Program Files\Windows Mail
2010-12-17 13:17:37 ----D---- C:\Program Files\Internet Explorer
2010-12-17 13:17:37 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-17 13:17:37 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-17 13:17:36 ----D---- C:\Windows\system32\migration
2010-12-16 23:19:42 ----D---- C:\ProgramData\Microsoft Help
2010-12-16 23:14:27 ----A---- C:\Windows\system32\MRT.exe
2010-12-16 21:11:23 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-12-16 21:11:14 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2010-12-16 20:53:13 ----D---- C:\Program Files (x86)\EA GAMES
2010-12-15 18:52:27 ----D---- C:\ProgramData\Tunngle
2010-12-15 18:52:26 ----D---- C:\Users\Tokyto\AppData\Roaming\Tunngle
2010-12-13 21:13:27 ----D---- C:\Program Files (x86)\Tunngle

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-26 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R4 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R4 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R4 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
S3 ascj35jf;ascj35jf; C:\Windows\system32\drivers\ascj35jf.sys []
S3 axly2r5t;axly2r5t; C:\Windows\system32\drivers\axly2r5t.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WINUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files (x86)\GameTracker\GSInGameService.exe [2009-12-10 1643872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 989800]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-12-16 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2010-12-16 189248]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-18 1394504]
R2 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-17 403240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-30 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]

-----------------EOF-----------------

Re: svchost.exe has stopped working

Posted: 30 Dec 2010 16:56
by TokytoCZ
I uninstalled NOD 32 and replaced it with avast

Re: svchost.exe has stopped working

Posted: 30 Dec 2010 17:28
by vyosek
:arrow: There is probably no point in commenting on the collection of cracks, is there

:arrow: Run HJT and we will fix some entries
  • You will find HJT here: C:\Program Files\trend micro\Tokyto.exe
  • A window will open; click Do a system scan only
  • In the next window, find the lines I have listed for you below; next to each of them is a checkbox, which you tick
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
    R3 - URLSearchHook: (no name) - - (no file)
  • Click Fix checked (bottom left)
  • HJT will ask whether you really want to; answer YES to confirm and you are done
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A POWERFUL ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • Plug all USB sticks into the PC (flash drives, external disks, etc.)
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Immediately after start, a page with the licence agreement appears; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and a possible restart, CF displays a log, or you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: svchost.exe has stopped working

Posted: 30 Dec 2010 18:24
by TokytoCZ
You will find HJT here: C:\Program Files\trend micro\Tokyto.exe

-no such file exists..., there is only a folder with HJT there, so I fixed what you said...
-there was a small problem with ComboFix..., I started it, went to have dinner, came back and Windows threw up a dialog saying that PEV.cfxxe had stopped working, I clicked close the program, then Windows threw it up again.. so I clicked close again, it did this about 3 times, and a little while later ComboFix finished the scan



ComboFix 10-12-29.04 - Tokyto 30.12.2010 17:53:06.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1192 [GMT 1:00]
Spuštěný z: c:\users\Tokyto\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\program files (x86)\\setup.exe
c:\program files (x86)\Setup.exe
c:\users\Tokyto\AppData\Roaming\7za.exe
c:\users\Tokyto\AppData\Roaming\dll
c:\users\Tokyto\AppData\Roaming\dll\here.txt
c:\users\Tokyto\AppData\Roaming\dll\svchost.exe
c:\users\Tokyto\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 17:02 . 2010-12-30 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 16:29 . 2010-12-30 16:29 -------- d-----w- c:\users\Tokyto\AppData\Roaming\.minecraft
2010-12-30 15:00 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-30 15:00 . 2010-09-07 16:11 167592 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-30 14:59 . 2010-12-30 15:00 -------- d-----w- c:\programdata\Alwil Software
2010-12-30 14:59 . 2010-12-30 15:00 -------- d-----w- c:\program files\Alwil Software
2010-12-30 11:30 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{949FBF4A-EED2-4D6E-BA29-0B6B59C3A423}\mpengine.dll
2010-12-29 18:19 . 2010-12-29 18:19 -------- d-----w- c:\program files (x86)\Realtek
2010-12-29 18:10 . 2010-12-29 18:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-29 18:10 . 2010-11-12 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-29 18:10 . 2010-11-12 17:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-28 19:28 . 2010-12-28 19:28 388096 ----a-r- c:\users\Tokyto\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-28 19:28 . 2010-12-28 19:28 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-18 22:02 . 2010-12-30 12:12 -------- d-----w- c:\program files (x86)\A1 WMA Tools
2010-12-18 21:38 . 2003-03-26 05:59 573440 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2010-12-18 21:38 . 2003-03-25 14:08 286720 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2010-12-18 21:38 . 2002-12-03 02:11 143872 ----a-w- c:\windows\SysWow64\NCTWMAFile.dll
2010-12-18 21:38 . 2002-12-03 02:07 168448 ----a-w- c:\windows\SysWow64\NCTAudioPlayer.dll
2010-12-18 21:38 . 2002-12-03 02:02 491520 ----a-w- c:\windows\SysWow64\NCTAudioFile.dll
2010-12-18 21:38 . 2002-01-05 06:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2010-12-18 13:09 . 2010-12-18 13:09 -------- d-----w- c:\program files (x86)\NAVIGON
2010-12-14 18:43 . 2010-12-14 18:44 -------- d-----w- c:\users\Tokyto\AppData\Roaming\zaloha minecraftů
2010-12-07 18:36 . 2010-12-07 18:36 -------- d-----w- c:\users\Tokyto\AppData\Local\IsolatedStorage
2010-12-07 18:36 . 2010-12-07 18:36 -------- d-----w- c:\users\Tokyto\AppData\Local\Futuremark_Corporation
2010-12-07 18:35 . 2010-12-07 18:35 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-16 20:11 . 2010-01-26 18:09 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-12-16 20:11 . 2010-01-26 18:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-11-13 11:48 . 2010-01-26 18:54 234392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2010-11-05 13:05 . 2010-11-05 13:05 2427248 ----a-w- c:\windows\SysWow64\pbsvc_heroes.exe
2010-10-16 18:55 . 2010-10-29 13:54 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-10-16 18:55 . 2010-10-29 13:54 5473896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2010-10-16 18:55 . 2010-10-29 13:54 4837480 ----a-w- c:\windows\SysWow64\nvcuda.dll
2010-10-16 18:55 . 2010-10-29 13:54 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2010-10-16 18:55 . 2010-10-29 13:54 2912360 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2010-10-16 18:55 . 2010-10-29 13:54 2666600 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2010-10-16 18:55 . 2010-10-29 13:54 14899816 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2010-10-16 18:55 . 2010-10-29 13:54 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2010-10-16 18:55 . 2010-10-29 13:54 13019752 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2010-10-16 18:55 . 2010-03-20 12:01 10023528 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2010-09-12 13:57 . 2010-09-12 13:36 814143398 ----a-w- c:\program files (x86)\loleusetup.exe
2010-04-22 12:32 . 2010-03-28 15:12 704282 ----a-w- c:\program files (x86)\unins000.exe
2010-04-02 12:45 . 2010-04-02 12:10 473 ----a-w- c:\program files (x86)\layout.bin
2010-04-02 12:45 . 2010-04-02 12:10 576000 ----a-w- c:\program files (x86)\ISSetup.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Infium"="c:\program files (x86)\QIP Infium\infium.exe" [2010-09-06 5896656]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Google Update"="c:\users\Tokyto\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-26 135664]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Tokyto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-26 834544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2009-12-10 1643872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-17 1394504]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-22 718072]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S4 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
.
Obsah adresáře 'Naplánované úlohy'

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job
- c:\users\Tokyto\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-26 16:31]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job
- c:\users\Tokyto\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-26 16:31]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {76408C75-C11F-4AFC-9C77-C4289F0CC8DE} = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1 - c:\program files (x86)\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Tokyto\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,11,cd,be,b2,6a,22,42,ea,70,7f,e6,62,fe,61,5a,d6,99,02,4c,7b,5b,10,
92,2d,74,16,a4,0d,c2,76,4c,8b,1f,b5,f3,2c,05,ae,6d,5c,10,4f,18,8d,f5,71,cd,\
"??"=hex:c3,26,06,7f,34,67,ca,e0,4f,9e,cb,24,ea,da,30,eb

[HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\License information*]
"datasecu"=hex:f7,df,3c,eb,4c,90,48,8d,54,d6,7d,50,fc,ff,cb,ae,74,af,b5,54,22,
eb,03,0b,28,23,58,ea,d6,7d,b1,16,0e,79,19,a8,f1,a6,b3,8d,22,7c,f9,b5,db,b4,\
"rkeysecu"=hex:a7,fd,be,5f,3a,22,f5,0a,8e,68,9a,f8,72,f3,90,8d

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-30 18:19:50
ComboFix-quarantined-files.txt 2010-12-30 17:19

Před spuštěním: Volných bajtů: 17 325 355 008
Po spuštění: Volných bajtů: 18 217 324 544

- - End Of File - - 329DF47519B349AEF04CB714A7C5C9B0

Re: svchost.exe has stopped working

Posted: 30 Dec 2010 18:50
by vyosek
:arrow: If you have not done so already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    RegLock::
    [HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-3049775063-532791586-3059231688-1001\Software\SecuROM\License information*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    
    Driver::
    ehdrv
    epfwwfpr
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3049775063-532791586-3059231688-1001UA.job
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "AlcoholAutomount"=-
    "Skype"=-
    "Google Update"=-
    "Steam"=-
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the image below)
    [image]
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: svchost.exe has stopped working

Posted: 30 Dec 2010 19:47
by TokytoCZ
Great, the internet on my PC has stopped working. I am writing from my phone. Everything went fine, but after the restart, while ComboFix was finishing, the message that PEV.cfxxe had stopped working came up again (again several times). Then it finished, I go to send the log and voilà, the net does not work.