
Preventive check - please review

Posted: 30 Dec 2010 22:33
by polaanek
Logfile of random's system information tool 1.08 (written by random/random)
Run by Kubaj at 2010-12-30 22:31:35
Microsoft Windows 7 Ultimate
System drive C: has 23 GB (56%) free of 41 GB
Total RAM: 2047 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:31:39, on 30.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\Kubaj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Kubaj\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (file missing)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kubaj\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4997 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Kubaj.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Kubaj\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Kubaj\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj Class - C:\Program Files\NetSoftware\IEHelper.dll [2010-08-28 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-10-28 7862816]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-30 22:31:35 ----D---- C:\rsit
2010-12-30 22:31:35 ----D---- C:\Program Files\trend micro
2010-12-29 16:47:46 ----D---- C:\Users\Kubaj\AppData\Roaming\Malwarebytes
2010-12-29 16:47:44 ----D---- C:\ProgramData\Malwarebytes
2010-12-28 23:39:47 ----D---- C:\Program Files\Lavalys
2010-12-21 12:21:29 ----A---- C:\Windows\system32\javaws.exe
2010-12-21 12:21:29 ----A---- C:\Windows\system32\javaw.exe
2010-12-21 12:21:29 ----A---- C:\Windows\system32\java.exe
2010-12-15 21:26:37 ----D---- C:\ProgramData\EscapeTheMuseum
2010-12-15 12:51:50 ----D---- C:\Program Files\Common Files\Java
2010-12-15 09:14:24 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 09:14:19 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 09:14:18 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 09:14:17 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 09:14:15 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 09:14:14 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 09:14:14 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 09:14:14 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 09:14:14 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 09:14:14 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 09:14:14 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 09:14:14 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 09:14:13 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 09:14:13 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 09:14:13 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 09:14:13 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 09:14:09 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 09:14:09 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 09:14:09 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 09:14:09 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 09:14:09 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 09:14:09 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 09:14:01 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 09:14:01 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 09:13:55 ----A---- C:\Windows\system32\webio.dll
2010-12-15 09:13:51 ----A---- C:\Windows\system32\consent.exe
2010-12-15 09:13:50 ----A---- C:\Windows\system32\oleaut32.dll
2010-12-15 09:13:49 ----A---- C:\Windows\system32\win32k.sys
2010-12-12 14:01:36 ----D---- C:\Program Files\VideoLAN
2010-12-11 18:23:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-11 13:58:16 ----D---- C:\Windows\system32\drivers\NSS
2010-12-11 13:58:16 ----D---- C:\Program Files\Norton Security Scan
2010-12-11 13:58:14 ----D---- C:\Program Files\NortonInstaller

======List of files/folders modified in the last 1 months======

2010-12-30 22:31:39 ----D---- C:\Windows\Prefetch
2010-12-30 22:31:36 ----D---- C:\Windows\Temp
2010-12-30 22:31:35 ----RD---- C:\Program Files
2010-12-30 18:59:11 ----D---- C:\Windows\System32
2010-12-30 18:59:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-30 18:59:10 ----D---- C:\Windows\inf
2010-12-30 15:51:46 ----D---- C:\Windows\system32\config
2010-12-30 15:44:14 ----SHD---- C:\System Volume Information
2010-12-30 15:39:54 ----D---- C:\Windows\rescache
2010-12-29 22:26:15 ----D---- C:\Windows\system32\LogFiles
2010-12-29 22:25:25 ----D---- C:\ProgramData\AlawarWrapper
2010-12-29 22:25:25 ----AHD---- C:\ProgramData
2010-12-29 16:54:34 ----D---- C:\Program Files\Internet Explorer
2010-12-29 16:52:47 ----D---- C:\Windows\system32\drivers
2010-12-29 16:40:08 ----D---- C:\Windows\winsxs
2010-12-29 16:37:13 ----D---- C:\Windows
2010-12-29 16:05:25 ----D---- C:\Users\Kubaj\AppData\Roaming\Winamp
2010-12-29 16:05:21 ----D---- C:\Windows\Minidump
2010-12-29 16:05:21 ----D---- C:\Windows\debug
2010-12-29 15:58:24 ----D---- C:\Users\Kubaj\AppData\Roaming\uTorrent
2010-12-29 15:47:44 ----D---- C:\Program Files\uTorrent
2010-12-28 23:52:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-21 12:21:36 ----SHD---- C:\Windows\Installer
2010-12-21 12:21:27 ----D---- C:\Program Files\Java
2010-12-18 07:48:21 ----D---- C:\Windows\system32\catroot2
2010-12-18 07:47:51 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-15 19:02:10 ----D---- C:\bwinPoker
2010-12-15 18:57:53 ----D---- C:\Windows\system32\sk-SK
2010-12-15 18:57:53 ----D---- C:\Windows\system32\en-US
2010-12-15 18:57:53 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 18:57:53 ----D---- C:\Program Files\Windows Mail
2010-12-15 18:57:52 ----D---- C:\Windows\system32\migration
2010-12-15 18:55:30 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 18:54:06 ----D---- C:\Windows\system32\catroot
2010-12-15 18:52:32 ----A---- C:\Windows\system32\MRT.exe
2010-12-15 12:51:50 ----D---- C:\Program Files\Common Files
2010-12-15 11:53:25 ----D---- C:\Windows\system32\NDF
2010-12-11 18:22:27 ----D---- C:\ProgramData\Symantec
2010-12-11 13:58:20 ----D---- C:\Windows\Tasks
2010-12-11 13:58:20 ----D---- C:\Windows\system32\Tasks
2010-12-11 13:58:16 ----D---- C:\ProgramData\Norton
2010-12-11 13:29:30 ----SD---- C:\Users\Kubaj\AppData\Roaming\Microsoft
2010-12-11 13:26:14 ----D---- C:\MosaicApp
2010-12-11 10:58:29 ----D---- C:\Windows\system32\Macromed
2010-12-10 13:19:56 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-07-23 14392]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-03 691696]
R1 BS_I2cIo;BS_I2cIo; \??\C:\Windows\system32\drivers\BS_I2cIo.sys [2008-06-16 17024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2009-08-20 356864]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2009-12-09 588800]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-10-28 2785568]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ajwfklyc;ajwfklyc; C:\Windows\system32\drivers\ajwfklyc.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 hasplms;Sentinel HASP License Manager; C:\Windows\system32\hasplms.exe [2009-12-16 3750400]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Re: Preventive check - please review

Posted: 30 Dec 2010 22:54
by Roli
Hello, fix these unnecessary items in HJT:

O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Kubaj\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (file missing)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kubaj\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


You will find HJT here:

C:\Program Files\trend micro\Kubaj.exe

Fix means that you run HJT,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a small box that you tick,

then click Fix checked at the bottom left,

the program will ask whether you really want to; you of course agree with YES, and it is done.


Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:

NMIndexingService

right-click it, choose Properties, and on the next tab first stop the service with the Stop button, then set Startup type to Disabled.


Otherwise I don't see anything wrong.