VIRY.CZ

Dobry den, nevim, zda jsem se obratil na spravne misto ale uz opravdu nevim, v cem je problem, mozna se jedna o nejakeho worma ci nejaky jiny problem :

na uvod bych napsal neco o me PC sestave.

Deska : MB Asus P7P55D-E - Intel P55, DDR3, s.1156 ATX
Procesor : CPU Intel Core i5-760 (2.8 GHz, LGA 1156) BOX
Pamet : 2x RAM Corsair 2x2GB DDR3 1600 MHz XMS3 DHX 8-8-8-24 (CMX4GX3M2
Grafika : Radeon HD5850
Internet : 50Mbit

takt : procak na 3,81Ghz, stabilni, otestovano - LinX. (BIOS,zadny utilitky..) + samozrejme jiny chladic
grafika v MSI afterburner z 700/1000 -> 850/1250, stabilni, otestovano - FurMark, 3Dmark vantage, taktovano bez zmeny napeti


Pri hrani her - abych byl konkrektni a lepe se orientovalo : Starcraft 2

Za normalni situace je rozdil v FPS pri nastaveni detailu obrovsky - testoval jsem to bez vsync pro vyniknuti rozdilu a mel jsem okolo 280 na low a asi 135 FPS na extreme..)

Problem :

Pri hrani + :

otevreni napr. prohlizece, zapnuti youtube, zapnuti kratkeho videa v pc dojde k poklesu FPS na 39-40 - bez ohledu na zatez aplikace, jediny program, ktery jsem zkousel a tuto vec nedela je Winamp..

- pri vetsim vytizeni starcraftu (vetsich bitvach) klesne fps jeste o neco nize...

nevim, cim toto muze byt zpusobeno, vzdy klesne na tu samou hranici (pri vypnuti aplikace na pozadi se navrati fps do beznych hodnot)

problem je v tom, ze kdyz ve windows otevru 20 aplikaci tak se nic nestane a v ramci moznosti to jede plynule.. ale jakmile otevru nejakou aplikaci na fullscreen jako napr hru a pak ve win i sebemensi low fps zrout tak mi v te fullscreen aplikaci rapidne klesne fps.. (windowed mode nic nevyresil)

bavil jsem se o tom s par lidmi a nikdo nevi jak poradit


zkousel jsem problem vyresit :

- reinstalaci grafickych driveru, stazenim noveho MSI afterburner

- graficke drivery mam nainstalovane bez catalystu, jelikoz ten mi v zatezi z jakychsi duvodu menil napeti graficke karty a malem mi ji upekl, tak jsem ho smazal a doporucovali mi to i lidi na forech

- zkousel jsem Starcraft ve spravci uloh nastavit na nejvyssi prioritu ci ,,realny cas" a vubec nic se nezmenilo...

- projeti antivirem, windows defenderem, adawarem

Chtel jsem vyuzivat streamovani Starcraftu pres Owned tv ale neni to mozne, jelikoz mi program Xsplitbroadcaster pusteny na pozadi zere fps jako vyse zminovane aplikace.

---

pridavam log Hijackthis v2.0.2 :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:10, on 27.1.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Andrew\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\QIP 2010\qip.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: EVEREST Ultimate Edition.lnk = C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O13 - Gopher Prefix:
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprof ... emLite.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility (XTUService) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

--
End of file - 9947 bytes


EDIT : + RSIT log


Logfile of random's system information tool 1.08 (written by random/random)
Run by Andrew at 2011-01-27 12:53:38
Microsoft Windows 7 Ultimate
System drive C: has 421 GB (88%) free of 477 GB
Total RAM: 8190 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:39, on 27.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Andrew\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\QIP 2010\qip.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Andrew.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: EVEREST Ultimate Edition.lnk = C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprof ... emLite.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility (XTUService) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

--
End of file - 9717 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
atieclxx
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Users\Andrew\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe"
"C:\Windows\System32\CtHelper.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Andrew\AppData\Local\Google\Chrome\Application\8.0.552.237\gcswf32.dll" --lang=cs --plugin-data-dir="C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default" --channel=4072.0664E84C.170114949 /prefetch:4
"C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=4072.06D45C00.598208340 /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Andrew\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32.EXE /S CTASIO.DLL []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
"RegistryBooster"=C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe delay 20000 []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Infium"=C:\Program Files (x86)\QIP 2010\qip.exe [2010-11-24 5853056]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"=REGSVR32.EXE /S CTASIO.DLL []
"CTHelper"=CTHELPER.EXE []
"CTxfiHlp"=CTXFIHLP.EXE []
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2009-10-19 36864]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-01-22 106496]
"QFan Help"=C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2010-03-25 611968]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"Kone"=C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [2009-09-15 180224]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-21 2583040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EVEREST Ultimate Edition.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-27 12:53:38 ----D---- C:\rsit
2011-01-27 12:53:38 ----D---- C:\Program Files\trend micro
2011-01-26 12:55:23 ----D---- C:\Program Files (x86)\MSI Afterburner
2011-01-26 12:53:05 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-01-26 12:52:07 ----D---- C:\Program Files\ATI Technologies
2011-01-25 20:38:50 ----D---- C:\Program Files\CPUID
2011-01-25 20:38:50 ----A---- C:\Windows\system32\drivers\cpuz134_x64.sys
2011-01-25 19:41:51 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-01-25 19:41:51 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-01-25 19:41:51 ----A---- C:\Windows\SYSWOW64\java.exe
2011-01-25 19:28:14 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2011-01-25 19:03:07 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-16 19:25:06 ----DC---- C:\Windows\system32\DRVSTORE
2011-01-13 23:04:55 ----D---- C:\Users\Andrew\AppData\Roaming\Vara Software
2011-01-13 23:04:54 ----D---- C:\Users\Andrew\AppData\Roaming\Wirecast
2011-01-13 23:04:53 ----D---- C:\ProgramData\Telestream
2011-01-13 23:04:53 ----D---- C:\ProgramData\eSellerate
2011-01-13 23:03:05 ----D---- C:\Program Files (x86)\Ustream
2011-01-13 23:02:03 ----D---- C:\ProgramData\Apple Computer
2011-01-13 23:02:03 ----D---- C:\Program Files (x86)\QuickTime
2011-01-13 23:01:19 ----D---- C:\ProgramData\Apple
2011-01-13 23:01:19 ----D---- C:\Program Files (x86)\Apple Software Update
2011-01-13 21:29:55 ----D---- C:\Program Files (x86)\SplitMediaLabs
2011-01-13 20:24:35 ----D---- C:\Users\Andrew\AppData\Roaming\TeamViewer
2011-01-13 20:22:59 ----D---- C:\Program Files (x86)\TeamViewer
2011-01-13 19:07:17 ----D---- C:\ProgramData\SplitMediaLabs
2011-01-12 17:08:44 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2011-01-12 17:08:44 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\XpsPrint.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-01-12 17:08:44 ----A---- C:\Windows\system32\mf.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\DWrite.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\d2d1.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\mfreadwrite.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\mf.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\mfps.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\FntCache.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-01-12 17:08:43 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-12 17:08:43 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\d3d10_1.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\cdd.dll
2011-01-12 17:08:31 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-01-12 17:08:31 ----A---- C:\Windows\system32\odbc32.dll
2011-01-10 11:46:15 ----AH---- C:\aaw7boot.cmd
2011-01-10 10:38:45 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2011-01-10 10:36:56 ----D---- C:\ProgramData\Lavasoft

======List of files/folders modified in the last 1 months======

2011-01-27 12:53:39 ----D---- C:\Windows\Temp
2011-01-27 12:53:39 ----D---- C:\Windows\Prefetch
2011-01-27 12:53:38 ----RD---- C:\Program Files
2011-01-27 12:46:54 ----D---- C:\Windows\system32\config
2011-01-27 12:41:03 ----D---- C:\Windows\System32
2011-01-27 12:41:03 ----D---- C:\Windows\inf
2011-01-27 12:41:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-27 12:37:51 ----D---- C:\Windows\system32\Tasks
2011-01-27 12:37:01 ----D---- C:\Program Files (x86)\QIP 2010
2011-01-26 12:55:29 ----D---- C:\Windows
2011-01-26 12:55:23 ----RD---- C:\Program Files (x86)
2011-01-26 12:53:08 ----SHD---- C:\Windows\Installer
2011-01-26 12:53:05 ----D---- C:\Program Files\Common Files
2011-01-26 12:53:05 ----D---- C:\Program Files (x86)\Common Files
2011-01-26 12:53:02 ----D---- C:\Windows\system32\catroot
2011-01-26 12:52:57 ----D---- C:\Windows\SysWOW64
2011-01-26 12:52:49 ----D---- C:\Windows\system32\drivers
2011-01-26 12:52:44 ----D---- C:\Windows\system32\DriverStore
2011-01-26 12:48:54 ----D---- C:\Windows\system32\catroot2
2011-01-26 12:44:29 ----SHD---- C:\System Volume Information
2011-01-26 10:35:26 ----D---- C:\Users\Andrew\AppData\Roaming\uTorrent
2011-01-26 00:47:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-26 00:47:06 ----D---- C:\Windows\SYSWOW64\drivers
2011-01-26 00:47:06 ----D---- C:\Program Files (x86)\ASUS
2011-01-25 23:02:58 ----D---- C:\Windows\winsxs
2011-01-25 19:42:49 ----SD---- C:\Users\Andrew\AppData\Roaming\Microsoft
2011-01-25 19:41:48 ----D---- C:\Program Files (x86)\Java
2011-01-25 19:28:50 ----A---- C:\Windows\NeroDigital.ini
2011-01-17 06:12:40 ----HD---- C:\ProgramData
2011-01-16 20:30:05 ----D---- C:\Users\Andrew\AppData\Roaming\Skype
2011-01-16 20:05:59 ----RD---- C:\Program Files (x86)\Skype
2011-01-16 19:47:56 ----D---- C:\Users\Andrew\AppData\Roaming\skypePM
2011-01-13 23:02:13 ----D---- C:\Program Files (x86)\Internet Explorer
2011-01-13 17:45:10 ----D---- C:\Users\Andrew\AppData\Roaming\mIRC
2011-01-13 17:44:25 ----D---- C:\Program Files (x86)\mIRC
2011-01-13 12:34:36 ----D---- C:\Users\Andrew\AppData\Roaming\BSplayer
2011-01-13 09:47:32 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-01-12 20:01:47 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-10-19 115312]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-20 834544]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-06 13368]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 29264]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 273488]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 51792]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 20560]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-12-19 314016]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 IOCBIOS;IOCBIOS; \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-02-03 30384]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-12-19 43680]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-08-14 11576]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
R3 KoneFltr;ROCCAT Kone; C:\Windows\system32\drivers\Kone.sys [2008-12-11 15488]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-08-31 14648]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 smbusp;Intel(R) SMBus 2.0 Driver; C:\Windows\system32\DRIVERS\intelsmb.sys [2010-01-20 36224]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S3 agdh03mb;agdh03mb; C:\Windows\system32\drivers\agdh03mb.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2007-04-12 151296]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-04-10 252712]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2007-04-10 580904]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2007-04-10 863016]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2007-04-10 700200]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-04-10 219432]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-04-10 321832]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-04-10 190248]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-04-10 363304]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2007-04-10 142120]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-04-10 1571112]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-04-10 123688]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2007-04-10 17192]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2007-04-10 681256]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2007-04-10 290600]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2007-04-10 147752]
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2007-04-10 1359144]
S3 hap16v2k;Creative P16V HAL Driver; C:\Windows\system32\drivers\hap16v2k.sys [2007-04-10 259880]
S3 hap17v2k;Creative P17V HAL Driver; C:\Windows\system32\drivers\hap17v2k.sys [2007-04-10 295208]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2007-04-10 218408]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 203776]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 XTUService;Intel(R) Extreme Tuning Utility; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-04-09 22280]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-19 1255736]

-----------------EOF-----------------

Zdravím
Problémy her se zde nezabýváme, ale aspon na viry můžeme mrknout

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5631

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.1.2011 21:31:25
mbam-log-2011-01-28 (21-31-24).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 420693
Uplynulý čas: 31 minut, 3 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)




clear

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 11-01-28.01 - Andrew 28.01.2011 22:28:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.8190.6500 [GMT 1:00]
Spuštěný z: c:\users\Andrew\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-28 21:31 . 2011-01-28 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-28 19:47 . 2011-01-28 19:47 -------- d-----w- c:\users\Andrew\AppData\Roaming\Malwarebytes
2011-01-28 19:47 . 2011-01-28 19:47 -------- d-----w- c:\programdata\Malwarebytes
2011-01-28 19:47 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-28 15:58 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5FFD82F-3B51-4660-AD0C-0A326E8C289D}\mpengine.dll
2011-01-27 19:23 . 2011-01-27 19:23 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-01-27 19:22 . 2011-01-27 19:22 -------- d-----w- c:\program files\ATI
2011-01-27 19:22 . 2011-01-27 19:22 -------- d-----w- c:\program files\ATI Technologies
2011-01-27 11:53 . 2011-01-27 11:53 -------- d-----w- C:\rsit
2011-01-27 11:53 . 2011-01-27 11:53 -------- d-----w- c:\program files\trend micro
2011-01-26 11:55 . 2011-01-28 17:56 -------- d-----w- c:\program files (x86)\MSI Afterburner
2011-01-25 19:38 . 2011-01-25 19:38 -------- d-----w- c:\program files\CPUID
2011-01-25 19:38 . 2010-07-09 12:19 21480 ----a-w- c:\windows\system32\drivers\cpuz134_x64.sys
2011-01-25 18:28 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-01-25 18:03 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-16 18:25 . 2011-01-16 18:46 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-13 22:04 . 2011-01-13 22:04 -------- d-----w- c:\users\Andrew\AppData\Roaming\Vara Software
2011-01-13 22:04 . 2011-01-14 09:53 -------- d-----w- c:\users\Andrew\AppData\Roaming\Wirecast
2011-01-13 22:04 . 2011-01-13 22:04 -------- d-----w- c:\programdata\Telestream
2011-01-13 22:04 . 2011-01-13 22:04 -------- d-----w- c:\programdata\eSellerate
2011-01-13 22:04 . 2011-01-13 22:04 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2011-01-13 22:03 . 2011-01-13 22:03 -------- d-----w- c:\program files (x86)\Ustream
2011-01-13 22:02 . 2011-01-13 22:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-01-13 22:02 . 2011-01-13 22:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-01-13 22:02 . 2011-01-13 22:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-01-13 22:02 . 2011-01-13 22:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-01-13 22:02 . 2011-01-13 22:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-01-13 22:02 . 2011-01-13 22:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-01-13 22:02 . 2011-01-13 22:02 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-01-13 22:02 . 2011-01-13 22:02 -------- d-----w- c:\program files (x86)\QuickTime
2011-01-13 22:02 . 2011-01-13 22:02 -------- d-----w- c:\programdata\Apple Computer
2011-01-13 22:01 . 2011-01-13 22:01 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-01-13 22:01 . 2011-01-13 22:01 -------- d-----w- c:\users\Andrew\AppData\Local\Apple
2011-01-13 22:01 . 2011-01-13 22:01 -------- d-----w- c:\programdata\Apple
2011-01-13 22:01 . 2011-01-13 22:01 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-01-13 20:29 . 2011-01-13 20:29 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2011-01-13 19:24 . 2011-01-13 19:24 -------- d-----w- c:\users\Andrew\AppData\Roaming\TeamViewer
2011-01-13 19:22 . 2011-01-13 19:22 -------- d-----w- c:\program files (x86)\TeamViewer
2011-01-13 18:07 . 2011-01-13 18:07 -------- d-----w- c:\programdata\SplitMediaLabs
2011-01-10 10:46 . 2011-01-10 10:46 608 ---ha-w- C:\aaw7boot.cmd
2011-01-10 09:38 . 2011-01-10 09:38 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-10 09:37 . 2011-01-10 09:37 -------- d-----w- c:\users\Andrew\AppData\Local\Sunbelt Software
2011-01-10 09:36 . 2011-01-16 18:46 -------- d-----w- c:\programdata\Lavasoft
2011-01-05 03:37 . 2011-01-05 03:37 8283136 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-05 03:22 . 2011-01-05 03:22 22100480 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-05 03:03 . 2011-01-05 03:03 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-05 03:02 . 2011-01-05 03:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-05 03:02 . 2011-01-05 03:02 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-05 02:58 . 2011-01-05 02:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:58 . 2011-01-05 02:58 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-05 02:57 . 2011-01-05 02:57 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-05 02:56 . 2011-01-05 02:56 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-05 02:56 . 2011-01-05 02:56 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-05 02:56 . 2011-01-05 02:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-05 02:55 . 2011-01-05 02:55 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-05 02:55 . 2011-01-05 02:55 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-05 02:55 . 2011-01-05 02:55 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-05 02:55 . 2011-01-05 02:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-05 02:52 . 2011-01-05 02:52 4101632 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-05 02:33 . 2011-01-05 02:33 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-05 02:33 . 2011-01-05 02:33 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-05 02:33 . 2011-01-05 02:33 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-05 02:33 . 2011-01-05 02:33 4162048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-05 02:33 . 2011-01-05 02:33 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-05 02:33 . 2011-01-05 02:33 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-05 02:32 . 2011-01-05 02:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-05 02:32 . 2011-01-05 02:32 3218944 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-05 02:31 . 2011-01-05 02:31 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-05 02:27 . 2011-01-05 02:27 5305856 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-05 02:25 . 2011-01-05 02:25 3461120 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-05 02:19 . 2011-01-05 02:19 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 32256 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-05 02:19 . 2011-01-05 02:19 27648 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 294400 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-05 02:18 . 2011-01-05 02:18 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-05 02:18 . 2011-01-05 02:18 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-05 02:18 . 2011-01-05 02:18 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-05 02:17 . 2011-01-05 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-08-19 08:53 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-08-19 08:53 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:41 . 2010-08-19 08:54 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-08-19 08:54 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-08-19 08:54 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-08-19 08:53 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-08-19 08:54 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-05 03:01 . 2010-07-07 01:53 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-05 02:43 . 2010-07-07 01:37 4844544 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-05 02:28 . 2010-07-07 01:24 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-05 02:20 . 2010-10-27 01:14 353792 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-05 02:20 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-05 02:18 . 2010-10-27 01:13 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-12-19 11:10 . 2010-12-19 11:10 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-19 11:10 . 2010-12-19 11:10 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-12 17:53 . 2010-09-02 07:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-15 17:09 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 17:09 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 17:09 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 17:09 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 17:09 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 17:09 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 17:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 17:09 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 17:09 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 17:09 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-15 17:09 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-15 17:09 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 17:09 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 17:09 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 17:09 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 17:09 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 17:09 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 17:09 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
.

------- Sigcheck -------

[-] 2010-08-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-08-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll

[-] 2010-08-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[-] 2010-08-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-19 136176]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Infium"="c:\program files (x86)\QIP 2010\qip.exe" [2010-11-24 5853056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-10-19 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EVEREST Ultimate Edition.lnk - c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe [2010-8-22 2465888]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-19 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-20 834544]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-05 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-02-03 30384]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-14 11576]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-04-09 22280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 15488]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-08-31 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]

.
Obsah adresáře 'Naplánované úlohy'

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 08:50]

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 08:50]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-RegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Wow6432Node-HKLM-Run-AsioThk32Reg - CTASIO.DLL
Wow6432Node-HKLM-Run-CTHelper - CTHELPER.EXE
Wow6432Node-HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
Wow6432Node-HKLM-Run-AsioReg - CTASIO.DLL
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AsioReg - CTASIO.DLL



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-28 22:32:19
ComboFix-quarantined-files.txt 2011-01-28 21:32

Před spuštěním: Volných bajtů: 442 554 253 312
Po spuštění: Volných bajtů: 445 597 069 312

- - End Of File - - 0B8A1D0C8649809F2E77F66A237629A2

Otestujte na www.virustotal.com

c:\windows\system32\user32.dll




-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

File name: user32.dll
Submission date: 2011-01-28 22:41:35 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

goodware
Safety score: 100.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.01.27.01 2011.01.27 -
AntiVir 7.11.2.31 2011.01.28 -
Antiy-AVL 2.0.3.7 2011.01.28 -
Avast 4.8.1351.0 2011.01.28 -
Avast5 5.0.677.0 2011.01.28 -
AVG 10.0.0.1190 2011.01.28 -
BitDefender 7.2 2011.01.28 -
CAT-QuickHeal 11.00 2011.01.28 -
ClamAV 0.96.4.0 2011.01.28 -
Commtouch 5.2.11.5 2011.01.28 -
Comodo 7527 2011.01.28 -
DrWeb 5.0.2.03300 2011.01.28 -
Emsisoft 5.1.0.1 2011.01.28 -
eSafe 7.0.17.0 2011.01.27 -
eTrust-Vet 36.1.8126 2011.01.28 -
F-Prot 4.6.2.117 2011.01.28 -
F-Secure 9.0.16160.0 2011.01.28 -
Fortinet 4.2.254.0 2011.01.28 -
GData 21 2011.01.28 -
Ikarus T3.1.1.97.0 2011.01.28 -
Jiangmin 13.0.900 2011.01.28 -
K7AntiVirus 9.78.3675 2011.01.28 -
Kaspersky 7.0.0.125 2011.01.28 -
McAfee 5.400.0.1158 2011.01.28 -
McAfee-GW-Edition 2010.1C 2011.01.28 -
Microsoft 1.6502 2011.01.28 -
NOD32 5828 2011.01.28 -
Norman 6.06.12 2011.01.28 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.3.5 2011.01.28 -
PCTools 7.0.3.5 2011.01.27 -
Prevx 3.0 2011.01.28 -
Rising 23.42.04.06 2011.01.28 -
Sophos 4.61.0 2011.01.28 -
SUPERAntiSpyware 4.40.0.1006 2011.01.28 -
Symantec 20101.3.0.103 2011.01.28 -
TheHacker 6.7.0.1.120 2011.01.26 -
TrendMicro 9.120.0.1004 2011.01.28 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.28 -
VBA32 3.12.14.3 2011.01.26 -
VIPRE 8231 2011.01.28 -
ViRobot 2011.1.28.4280 2011.01.28 -
VirusBuster 13.6.170.3 2011.01.28

additional inf.

Additional informationShow all
MD5 : 861c4346f9281dc0380de72c8d55d6be
SHA1 : 5b3ee1ced88a74c2877c0364699cce0323adc322
SHA256: fdc6b8e08ae234fa4302b6552a3935714755fe51d11b8dd3e3c24415e1ed8731
ssdeep: 12288:jGJQbCfvseE2rB+NR3mPOENHaXtbPtWWP5L+s5ENOeQiV1Li/km:mRNrsR3lFPtWYLeYe
XV1i/km
File size : 833024 bytes
First seen: 2010-02-15 03:49:02
Last seen : 2011-01-28 22:41:35
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Multi-User Windows USER API Client DLL
original name: user32
internal name: user32
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1AE99
timedatestamp....: 0x4A5BDB3C (Tue Jul 14 01:11:24 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x10000, 0x6CB2C, 0x6CC00, 6.61, 9baa52e84a31021720e3321c7f7ef7cb
.data, 0x80000, 0xFE0, 0x1000, 1.71, c09d5b23ed86152e6261cc1dc52338dd
.rsrc, 0x90000, 0x5A278, 0x5A400, 5.52, 1b6e38ff4f46b485e935ce48452726f8
.reloc, 0xF0000, 0x31A0, 0x3200, 6.75, 6788a26b22a013ff0a680536670bbb1b

[[ 4 import(s) ]]
ntdll.dll: NtOpenKey, wcscat_s, wcscpy_s, NtEnumerateKey, RtlOpenCurrentUser, RtlFreeHeap, RtlAllocateHeap, memcpy, memset, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlUnicodeToMultiByteN, RtlMultiByteToUnicodeN, RtlReleaseActivationContext, RtlFindActivationContextSectionString, RtlDeactivateActivationContextUnsafeFast, RtlActivateActivationContextUnsafeFast, wcstol, NtQueryInformationProcess, NtQuerySecurityObject, NtSetSecurityObject, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlCreateUnicodeStringFromAsciiz, RtlQueryInformationActiveActivationContext, _vsnwprintf, NtVdmControl, wcstoul, NtOpenDirectoryObject, NtDeleteValueKey, NtSetValueKey, NtCreateKey, NtYieldExecution, RtlIsThreadWithinLoaderCallout, _wcsicmp, _stricmp, RtlGetIntegerAtom, NtProtectVirtualMemory, RtlRetrieveNtUserPfn, RtlInitializeNtUserPfn, RtlDeleteCriticalSection, NtQuerySystemInformation, RtlInitializeCriticalSection, _allshr, RtlUnicodeToMultiByteSize, _allmul, NtCallbackReturn, _chkstk, memmove, NtQueryInformationToken, NtOpenProcessToken, NtOpenThreadToken, RtlNtStatusToDosError, CsrClientCallServer, CsrFreeCaptureBuffer, CsrCaptureMessageBuffer, CsrAllocateCaptureBuffer, RtlFreeSid, RtlAllocateAndInitializeSid, CsrAllocateMessagePointer, RtlReAllocateHeap, RtlRunDecodeUnicodeString, RtlRunEncodeUnicodeString, RtlGetThreadLangIdByIndex, RtlSizeHeap, strcpy_s, sscanf_s, strrchr, RtlIsNameLegalDOS8Dot3, wcsncat_s, NtRaiseHardError, RtlMultiByteToUnicodeSize, RtlCheckRegistryKey, LdrFlushAlternateResourceModules, qsort, iswspace, wcsncpy_s, wcsrchr, _alldiv, _wtoi, _aulldvrm, NlsAnsiCodePage, RtlImageNtHeader, RtlSetLastWin32Error, RtlUnwind, NtClose, NtQueryValueKey, swprintf_s, RtlInitUnicodeString, RtlUnicodeStringToInteger
GDI32.dll: GetClipRgn, ExtSelectClipRgn, GetHFONT, GetMapMode, SetGraphicsMode, GetClipBox, CreateRectRgn, CreateRectRgnIndirect, SetLayout, GetBoundsRect, ExcludeClipRect, PlayEnhMetaFile, Ellipse, CreateEllipticRgn, GdiFixUpHandle, CreatePen, Rectangle, GetTextCharacterExtra, SetTextCharacterExtra, GetCurrentObject, GetViewportOrgEx, SetViewportOrgEx, PolyPatBlt, CreateBrushIndirect, SetBoundsRect, CopyEnhMetaFileW, CopyMetaFileW, GetPaletteEntries, CreatePalette, SetPaletteEntries, GetPixel, ExtTextOutA, GetTextCharsetInfo, QueryFontAssocStatus, GetCharWidthInfo, GetCharWidthA, GetTextFaceW, GetCharABCWidthsA, GetCharABCWidthsW, SetBrushOrgEx, CreateFontIndirectW, EnumFontsW, GetTextFaceAliasW, GetTextMetricsW, GetTextColor, GdiGetCodePage, GetTextCharset, GetBkMode, GetViewportExtEx, GetWindowExtEx, GdiGetCharDimensions, GdiPrinterThunk, GdiLoadType1Fonts, GdiAddFontResourceW, TranslateCharsetInfo, SaveDC, OffsetWindowOrgEx, RestoreDC, ExtTextOutW, GetDIBits, CreateDIBSection, SetStretchBltMode, SelectPalette, RealizePalette, SetDIBits, CreateDCW, CreateDIBitmap, CreateCompatibleBitmap, SetBitmapBits, DeleteDC, GdiValidateHandle, GdiDllInitialize, GdiProcessSetup, GetStockObject, CreateSolidBrush, CreateCompatibleDC, GdiConvertBitmapV5, GdiCreateLocalEnhMetaFile, GdiCreateLocalMetaFilePict, GetRgnBox, CombineRgn, OffsetRgn, MirrorRgn, EnableEUDC, GdiConvertToDevmodeW, GetTextExtentPointA, GetTextExtentPointW, CreateBitmap, SetTextAlign, GetTextAlign, IntersectClipRect, SelectObject, SetBkMode, GetBkColor, GetObjectW, SetTextColor, SetBkColor, GetLayout, StretchDIBits, GetDeviceCaps, GetDIBColorTable, GdiGetBitmapBitsSize, DeleteObject, DeleteMetaFile, DeleteEnhMetaFile, GdiConvertMetaFilePict, GdiConvertEnhMetaFile, GdiReleaseDC, StretchBlt, GetObjectType, GdiConvertAndCheckDC, SetRectRgn, BitBlt, TextOutW, TextOutA, PatBlt, SetLayoutWidth
KERNEL32.dll: GetLocaleInfoW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, LoadLibraryExA, InterlockedCompareExchange, DelayLoadFailureHook, GlobalAddAtomA, GetModuleHandleA, GetModuleFileNameA, GlobalFindAtomA, lstrlenA, GetTickCount, QueryPerformanceFrequency, QueryPerformanceCounter, LCMapStringW, CreateFileMappingW, MapViewOfFile, GetFileSize, UnmapViewOfFile, WerpNotifyLoadStringResource, GetSystemDefaultLangID, RegQueryInfoKeyW, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, GetVersionExW, IsDBCSLeadByte, WerpNotifyUseStringResource, GetCurrentProcessId, ProcessIdToSessionId, MulDiv, GetThreadLocale, FindFirstFileW, FindNextFileW, FindClose, GetLogicalDrives, lstrlenW, SetCurrentDirectoryW, GetCurrentDirectoryW, ConvertDefaultLocale, IsValidLocale, GetAtomNameW, GetAtomNameA, AddAtomW, AddAtomA, GetSystemWindowsDirectoryW, CreateProcessW, EnumResourceNamesExW, SetFileTime, ReadFile, CloseHandle, FindResourceW, CompareStringW, GetCPInfo, GetStringTypeA, GetStringTypeW, Sleep, FoldStringW, GlobalHandle, CreateThread, GetExitCodeThread, ExitThread, GetCurrentThread, GetCurrentProcess, GlobalAddAtomW, LoadLibraryExW, ExpandEnvironmentStringsW, SearchPathW, GetSystemDirectoryW, IsDBCSLeadByteEx, DisableThreadLibraryCalls, FindResourceExA, FindResourceExW, LoadStringBaseExW, LoadResource, SizeofResource, RegisterWaitForInputIdle, QueryActCtxSettingsW, GetModuleHandleW, GetCurrentThreadId, LoadAppInitDlls, LocalSize, LocalUnlock, LocalLock, LocalReAlloc, GetACP, InterlockedIncrement, GetPrivateProfileStringW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, GetUserDefaultLCID, GlobalUnlock, GlobalLock, GlobalSize, LocalFree, GlobalDeleteAtom, LocalAlloc, DeleteAtom, FreeLibrary, GetProcAddress, LoadLibraryW, InterlockedExchange, GlobalGetAtomNameA, GlobalGetAtomNameW, GetModuleFileNameW, GlobalFree, InterlockedDecrement, GlobalFlags, WideCharToMultiByte, GetLastError, GetOEMCP, GlobalReAlloc, MultiByteToWideChar, GlobalAlloc, WaitForMultipleObjectsEx, SetEvent, CreateFileW, lstrcmpiW, WritePrivateProfileStringW, GlobalFindAtomW, SetLastError
ADVAPI32.dll: CheckTokenMembership

[[ 822 export(s) ]]
ActivateKeyboardLayout, AddClipboardFormatListener, AdjustWindowRect, AdjustWindowRectEx, AlignRects, AllowForegroundActivation, AllowSetForegroundWindow, AnimateWindow, AnyPopup, AppendMenuA, AppendMenuW, ArrangeIconicWindows, AttachThreadInput, BeginDeferWindowPos, BeginPaint, BlockInput, BringWindowToTop, BroadcastSystemMessage, BroadcastSystemMessageA, BroadcastSystemMessageExA, BroadcastSystemMessageExW, BroadcastSystemMessageW, BuildReasonArray, CalcMenuBar, CalculatePopupWindowPosition, CallMsgFilter, CallMsgFilterA, CallMsgFilterW, CallNextHookEx, CallWindowProcA, CallWindowProcW, CancelShutdown, CascadeChildWindows, CascadeWindows, ChangeClipboardChain, ChangeDisplaySettingsA, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, ChangeDisplaySettingsW, ChangeMenuA, ChangeMenuW, ChangeWindowMessageFilter, ChangeWindowMessageFilterEx, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharNextExA, CharNextW, CharPrevA, CharPrevExA, CharPrevW, CharToOemA, CharToOemBuffA, CharToOemBuffW, CharToOemW, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckDesktopByThreadId, CheckDlgButton, CheckMenuItem, CheckMenuRadioItem, CheckRadioButton, CheckWindowThreadDesktop, ChildWindowFromPoint, ChildWindowFromPointEx, CliImmSetHotKey, ClientThreadSetup, ClientToScreen, ClipCursor, CloseClipboard, CloseDesktop, CloseGestureInfoHandle, CloseTouchInputHandle, CloseWindow, CloseWindowStation, ConsoleControl, ControlMagnification, CopyAcceleratorTableA, CopyAcceleratorTableW, CopyIcon, CopyImage, CopyRect, CountClipboardFormats, CreateAcceleratorTableA, CreateAcceleratorTableW, CreateCaret, CreateCursor, CreateDesktopA, CreateDesktopExA, CreateDesktopExW, CreateDesktopW, CreateDialogIndirectParamA, CreateDialogIndirectParamAorW, CreateDialogIndirectParamW, CreateDialogParamA, CreateDialogParamW, CreateIcon, CreateIconFromResource, CreateIconFromResourceEx, CreateIconIndirect, CreateMDIWindowA, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateSystemThreads, CreateWindowExA, CreateWindowExW, CreateWindowStationA, CreateWindowStationW, CsrBroadcastSystemMessageExW, CtxInitUser32, DdeAbandonTransaction, DdeAccessData, DdeAddData, DdeClientTransaction, DdeCmpStringHandles, DdeConnect, DdeConnectList, DdeCreateDataHandle, DdeCreateStringHandleA, DdeCreateStringHandleW, DdeDisconnect, DdeDisconnectList, DdeEnableCallback, DdeFreeDataHandle, DdeFreeStringHandle, DdeGetData, DdeGetLastError, DdeGetQualityOfService, DdeImpersonateClient, DdeInitializeA, DdeInitializeW, DdeKeepStringHandle, DdeNameService, DdePostAdvise, DdeQueryConvInfo, DdeQueryNextServer, DdeQueryStringA, DdeQueryStringW, DdeReconnect, DdeSetQualityOfService, DdeSetUserHandle, DdeUnaccessData, DdeUninitialize, DefDlgProcA, DefDlgProcW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefRawInputProc, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DeregisterShellHookWindow, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyReasons, DestroyWindow, DeviceEventWorker, DialogBoxIndirectParamA, DialogBoxIndirectParamAorW, DialogBoxIndirectParamW, DialogBoxParamA, DialogBoxParamW, DisableProcessWindowsGhosting, DispatchMessageA, DispatchMessageW, DisplayConfigGetDeviceInfo, DisplayConfigSetDeviceInfo, DisplayExitWindowsWarnings, DlgDirListA, DlgDirListComboBoxA, DlgDirListComboBoxW, DlgDirListW, DlgDirSelectComboBoxExA, DlgDirSelectComboBoxExW, DlgDirSelectExA, DlgDirSelectExW, DoSoundConnect, DoSoundDisconnect, DragDetect, DragObject, DrawAnimatedRects, DrawCaption, DrawCaptionTempA, DrawCaptionTempW, DrawEdge, DrawFocusRect, DrawFrame, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawMenuBarTemp, DrawStateA, DrawStateW, DrawTextA, DrawTextExA, DrawTextExW, DrawTextW, DwmGetDxSharedSurface, DwmStartRedirection, DwmStopRedirection, EditWndProc, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndDialog, EndMenu, EndPaint, EndTask, EnterReaderModeHelper, EnumChildWindows, EnumClipboardFormats, EnumDesktopWindows, EnumDesktopsA, EnumDesktopsW, EnumDisplayDevicesA, EnumDisplayDevicesW, EnumDisplayMonitors, EnumDisplaySettingsA, EnumDisplaySettingsExA, EnumDisplaySettingsExW, EnumDisplaySettingsW, EnumPropsA, EnumPropsExA, EnumPropsExW, EnumPropsW, EnumThreadWindows, EnumWindowStationsA, EnumWindowStationsW, EnumWindows, EqualRect, ExcludeUpdateRgn, ExitWindowsEx, FillRect, FindWindowA, FindWindowExA, FindWindowExW, FindWindowW, FlashWindow, FlashWindowEx, FrameRect, FreeDDElParam, FrostCrashedWindow, GetActiveWindow, GetAltTabInfo, GetAltTabInfoA, GetAltTabInfoW, GetAncestor, GetAppCompatFlags, GetAppCompatFlags2, GetAsyncKeyState, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoExA, GetClassInfoExW, GetClassInfoW, GetClassLongA, GetClassLongW, GetClassNameA, GetClassNameW, GetClassWord, GetClientRect, GetClipCursor, GetClipboardData, GetClipboardFormatNameA, GetClipboardFormatNameW, GetClipboardOwner, GetClipboardSequenceNumber, GetClipboardViewer, GetComboBoxInfo, GetCursor, GetCursorFrameInfo, GetCursorInfo, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDisplayConfigBufferSizes, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetDlgItemTextA, GetDlgItemTextW, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetGUIThreadInfo, GetGestureConfig, GetGestureExtraArgs, GetGestureInfo, GetGuiResources, GetIconInfo, GetIconInfoExA, GetIconInfoExW, GetInputDesktop, GetInputLocaleInfo, GetInputState, GetInternalWindowPos, GetKBCodePage, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetLastInputInfo, GetLayeredWindowAttributes, GetListBoxInfo, GetMagnificationDesktopColorEffect, GetMagnificationDesktopMagnification, GetMagnificationLensCtxInformation, GetMenu, GetMenuBarInfo, GetMenuCheckMarkDimensions, GetMenuContextHelpId, GetMenuDefaultItem, GetMenuInfo, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuItemRect, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessageA, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMessageW, GetMonitorInfoA, GetMonitorInfoW, GetMouseMovePointsEx, GetNextDlgGroupItem, GetNextDlgTabItem, GetOpenClipboardWindow, GetParent, GetPhysicalCursorPos, GetPriorityClipboardFormat, GetProcessDefaultLayout, GetProcessWindowStation, GetProgmanWindow, GetPropA, GetPropW, GetQueueStatus, GetRawInputBuffer, GetRawInputData, GetRawInputDeviceInfoA, GetRawInputDeviceInfoW, GetRawInputDeviceList, GetReasonTitleFromReasonCode, GetRegisteredRawInputDevices, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetSendMessageReceiver, GetShellWindow, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetTabbedTextExtentW, GetTaskmanWindow, GetThreadDesktop, GetTitleBarInfo, GetTopLevelWindow, GetTopWindow, GetTouchInputInfo, GetUpdateRect, GetUpdateRgn, GetUpdatedClipboardFormats, GetUserObjectInformationA, GetUserObjectInformationW, GetUserObjectSecurity, GetWinStationInfo, GetWindow, GetWindowCompositionAttribute, GetWindowCompositionInfo, GetWindowContextHelpId, GetWindowDC, GetWindowDisplayAffinity, GetWindowInfo, GetWindowLongA, GetWindowLongW, GetWindowMinimizeRect, GetWindowModuleFileName, GetWindowModuleFileNameA, GetWindowModuleFileNameW, GetWindowPlacement, GetWindowRect, GetWindowRgn, GetWindowRgnBox, GetWindowRgnEx, GetWindowTextA, GetWindowTextLengthA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, GetWindowWord, GhostWindowFromHungWindow, GrayStringA, GrayStringW, HideCaret, HiliteMenuItem, HungWindowFromGhostWindow, IMPGetIMEA, IMPGetIMEW, IMPQueryIMEA, IMPQueryIMEW, IMPSetIMEA, IMPSetIMEW, ImpersonateDdeClientWindow, InSendMessage, InSendMessageEx, InflateRect, InitializeLpkHooks, InsertMenuA, InsertMenuItemA, InsertMenuItemW, InsertMenuW, InternalGetWindowIcon, InternalGetWindowText, IntersectRect, InvalidateRect, InvalidateRgn, InvertRect, IsCharAlphaA, IsCharAlphaNumericA, IsCharAlphaNumericW, IsCharAlphaW, IsCharLowerA, IsCharLowerW, IsCharUpperA, IsCharUpperW, IsChild, IsClipboardFormatAvailable, IsDialogMessage, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsGUIThread, IsHungAppWindow, IsIconic, IsMenu, IsProcessDPIAware, IsRectEmpty, IsSETEnabled, IsServerSideWindow, IsThreadDesktopComposited, IsTopLevelWindow, IsTouchWindow, IsWinEventHookInstalled, IsWindow, IsWindowEnabled, IsWindowInDestroy, IsWindowRedirectedForPrint, IsWindowUnicode, IsWindowVisible, IsWow64Message, IsZoomed, KillTimer, LoadAcceleratorsA, LoadAcceleratorsW, LoadBitmapA, LoadBitmapW, LoadCursorA, LoadCursorFromFileA, LoadCursorFromFileW, LoadCursorW, LoadIconA, LoadIconW, LoadImageA, LoadImageW, LoadKeyboardLayoutA, LoadKeyboardLayoutEx, LoadKeyboardLayoutW, LoadLocalFonts, LoadMenuA, LoadMenuIndirectA, LoadMenuIndirectW, LoadMenuW, LoadRemoteFonts, LoadStringA, LoadStringW, LockSetForegroundWindow, LockWindowStation, LockWindowUpdate, LockWorkStation, LogicalToPhysicalPoint, LookupIconIdFromDirectory, LookupIconIdFromDirectoryEx, MBToWCSEx, MB_GetString, MapDialogRect, MapVirtualKeyA, MapVirtualKeyExA, MapVirtualKeyExW, MapVirtualKeyW, MapWindowPoints, MenuItemFromPoint, MenuWindowProcA, MenuWindowProcW, MessageBeep, MessageBoxA, MessageBoxExA, MessageBoxExW, MessageBoxIndirectA, MessageBoxIndirectW, MessageBoxTimeoutA, MessageBoxTimeoutW, MessageBoxW, ModifyMenuA, ModifyMenuW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, NotifyOverlayWindow, NotifyWinEvent, OemKeyScan, OemToCharA, OemToCharBuffA, OemToCharBuffW, OemToCharW, OffsetRect, OpenClipboard, OpenDesktopA, OpenDesktopW, OpenIcon, OpenInputDesktop, OpenThreadDesktop, OpenWindowStationA, OpenWindowStationW, PackDDElParam, PaintDesktop, PaintMenuBar, PaintMonitor, PeekMessageA, PeekMessageW, PhysicalToLogicalPoint, PostMessageA, PostMessageW, PostQuitMessage, PostThreadMessageA, PostThreadMessageW, PrintWindow, PrivateExtractIconExA, PrivateExtractIconExW, PrivateExtractIconsA, PrivateExtractIconsW, PrivateRegisterICSProc, PtInRect, QueryDisplayConfig, QuerySendMessage, RealChildWindowFromPoint, RealGetWindowClass, RealGetWindowClassA, RealGetWindowClassW, ReasonCodeNeedsBugID, ReasonCodeNeedsComment, RecordShutdownReason, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterClassExW, RegisterClassW, RegisterClipboardFormatA, RegisterClipboardFormatW, RegisterDeviceNotificationA, RegisterDeviceNotificationW, RegisterErrorReportingDialog, RegisterFrostWindow, RegisterGhostWindow, RegisterHotKey, RegisterLogonProcess, RegisterMessagePumpHook, RegisterPowerSettingNotification, RegisterRawInputDevices, RegisterServicesProcess, RegisterSessionPort, RegisterShellHookWindow, RegisterSystemThread, RegisterTasklist, RegisterTouchWindow, RegisterUserApiHook, RegisterWindowMessageA, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveClipboardFormatListener, RemoveMenu, RemovePropA, RemovePropW, ReplyMessage, ResolveDesktopForWOW, ReuseDDElParam, ScreenToClient, ScrollChildren, ScrollDC, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendDlgItemMessageW, SendIMEMessageExA, SendIMEMessageExW, SendInput, SendMessageA, SendMessageCallbackA, SendMessageCallbackW, SendMessageTimeoutA, SendMessageTimeoutW, SendMessageW, SendNotifyMessageA, SendNotifyMessageW, SetActiveWindow, SetCapture, SetCaretBlinkTime, SetCaretPos, SetClassLongA, SetClassLongW, SetClassWord, SetClipboardData, SetClipboardViewer, SetCursor, SetCursorContents, SetCursorPos, SetDebugErrorLevel, SetDeskWallpaper, SetDisplayConfig, SetDlgItemInt, SetDlgItemTextA, SetDlgItemTextW, SetDoubleClickTime, SetFocus, SetForegroundWindow, SetGestureConfig, SetInternalWindowPos, SetKeyboardState, SetLastErrorEx, SetLayeredWindowAttributes, SetMagnificationDesktopColorEffect, SetMagnificationDesktopMagnification, SetMagnificationLensCtxInformation, SetMenu, SetMenuContextHelpId, SetMenuDefaultItem, SetMenuInfo, SetMenuItemBitmaps, SetMenuItemInfoA, SetMenuItemInfoW, SetMessageExtraInfo, SetMessageQueue, SetMirrorRendering, SetParent, SetPhysicalCursorPos, SetProcessDPIAware, SetProcessDefaultLayout, SetProcessWindowStation, SetProgmanWindow, SetPropA, SetPropW, SetRect, SetRectEmpty, SetScrollInfo, SetScrollPos, SetScrollRange, SetShellWindow, SetShellWindowEx, SetSysColors, SetSysColorsTemp, SetSystemCursor, SetSystemMenu, SetTaskmanWindow, SetThreadDesktop, SetTimer, SetUserObjectInformationA, SetUserObjectInformationW, SetUserObjectSecurity, SetWinEventHook, SetWindowCompositionAttribute, SetWindowContextHelpId, SetWindowDisplayAffinity, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowRgnEx, SetWindowStationUser, SetWindowTextA, SetWindowTextW, SetWindowWord, SetWindowsHookA, SetWindowsHookExA, SetWindowsHookExW, SetWindowsHookW, SfmDxBindSwapChain, SfmDxGetSwapChainStats, SfmDxOpenSwapChain, SfmDxQuerySwapChainBindingStatus, SfmDxReleaseSwapChain, SfmDxReportPendingBindingsToDwm, SfmDxSetSwapChainBindingStatus, SfmDxSetSwapChainStats, ShowCaret, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowStartGlass, ShowSystemCursor, ShowWindow, ShowWindowAsync, ShutdownBlockReasonCreate, ShutdownBlockReasonDestroy, ShutdownBlockReasonQuery, SoftModalMessageBox, SoundSentry, SubtractRect, SwapMouseButton, SwitchDesktop, SwitchDesktopWithFade, SwitchToThisWindow, SystemParametersInfoA, SystemParametersInfoW, TabbedTextOutA, TabbedTextOutW, TileChildWindows, TileWindows, ToAscii, ToAsciiEx, ToUnicode, ToUnicodeEx, TrackMouseEvent, TrackPopupMenu, TrackPopupMenuEx, TranslateAccelerator, TranslateAcceleratorA, TranslateAcceleratorW, TranslateMDISysAccel, TranslateMessage, TranslateMessageEx, UnhookWinEvent, UnhookWindowsHook, UnhookWindowsHookEx, UnionRect, UnloadKeyboardLayout, UnlockWindowStation, UnpackDDElParam, UnregisterClassA, UnregisterClassW, UnregisterDeviceNotification, UnregisterHotKey, UnregisterMessagePumpHook, UnregisterPowerSettingNotification, UnregisterSessionPort, UnregisterTouchWindow, UnregisterUserApiHook, UpdateLayeredWindow, UpdateLayeredWindowIndirect, UpdatePerUserSystemParameters, UpdateWindow, UpdateWindowTransform, User32InitializeImmEntryTable, UserClientDllInitialize, UserHandleGrantAccess, UserLpkPSMTextOut, UserLpkTabbedTextOut, UserRealizePalette, UserRegisterWowHandlers, VRipOutput, VTagOutput, ValidateRect, ValidateRgn, VkKeyScanA, VkKeyScanExA, VkKeyScanExW, VkKeyScanW, WCSToMBEx, WINNLSEnableIME, WINNLSGetEnableStatus, WINNLSGetIMEHotkey, WaitForInputIdle, WaitMessage, WinHelpA, WinHelpW, WindowFromDC, WindowFromPhysicalPoint, WindowFromPoint, _UserTestTokenForInteractive, gSharedInfo, gapfnScSendMessage, keybd_event, mouse_event, wsprintfA, wsprintfW, wvsprintfA, wvsprintfW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 445440
CompanyName: Microsoft Corporation
EntryPoint: 0x1ae99
FileDescription: Multi-User Windows USER API Client DLL
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 814 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 386560
InternalName: user32
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Dynamic link library
OriginalFilename: user32
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows GUI
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 03:11:24+02:00
UninitializedDataSize: 0

Jak to vypadá s počítačem?

furt stejne, asi bude chyba nekde jinde..

vsechny logy a scany ukazuji na to, ze vir/malware apod nemam

To právě nemusí být problém viru , spíš pokud je to jen u her, tak grafiky, paměti...



Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

cistic odstranil nejakych 920MB

registry - opraveno 137 z 137

zkusim pouzivat Cleaner, doted jsem pouzival program Revo-uninstaller.

zkusim jak je na tom pc s mym problemem, kazdopadne dekuji za cas, ktery mi zde venujete..

EDIT : o neco se to zlepsilo.. v radu par FPS

---


Logfile of random's system information tool 1.08 (written by random/random)
Run by Andrew at 2011-01-29 12:53:16
Microsoft Windows 7 Ultimate
System drive C: has 425 GB (89%) free of 477 GB
Total RAM: 8190 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:23, on 29.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\Andrew\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\QIP 2010\qip.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: EVEREST Ultimate Edition.lnk = C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprof ... emLite.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility (XTUService) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

--
End of file - 8614 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2d8
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
taskeng.exe {86651E86-876D-40FF-B38B-5BD66ADFF3AF}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {CA21B517-198F-44FB-9E88-DE49B1BB3FD0}
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe" /s
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\Andrew\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
"C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe"
"C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
"C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe"
"C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_0/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=3800.05F5A300.160153201 /prefetch:3
"C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Andrew\AppData\Local\Google\Chrome\Application\8.0.552.237\gcswf32.dll" --lang=cs --plugin-data-dir="C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default" --channel=3800.0600244C.275107909 /prefetch:4
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-177400242-4199771672-94652025-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-177400242-4199771672-94652025-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Andrew\Desktop\RSITx64.exe"
wmiadap.exe /F /T /R

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"=REGSVR32.EXE /S CTASIO.DLL []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Infium"=C:\Program Files (x86)\QIP 2010\qip.exe [2010-11-24 5853056]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2009-10-19 36864]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-01-22 106496]
"QFan Help"=C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2010-03-25 611968]
"Kone"=C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [2009-09-15 180224]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-21 2583040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EVEREST Ultimate Edition.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-01-29 12:53:16 ----D---- C:\rsit
2011-01-29 12:44:19 ----D---- C:\Program Files (x86)\CCleaner
2011-01-28 22:33:25 ----SHD---- C:\$RECYCLE.BIN
2011-01-28 22:26:35 ----D---- C:\Qoobox
2011-01-28 20:47:15 ----D---- C:\Users\Andrew\AppData\Roaming\Malwarebytes
2011-01-28 20:47:11 ----D---- C:\ProgramData\Malwarebytes
2011-01-28 20:47:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-01-28 19:09:48 ----D---- C:\Windows\Minidump
2011-01-27 20:23:45 ----D---- C:\Program Files\Common Files\ATI Technologies
2011-01-27 20:22:24 ----D---- C:\Program Files\ATI
2011-01-27 20:22:03 ----D---- C:\Program Files\ATI Technologies
2011-01-27 12:53:38 ----D---- C:\Program Files\trend micro
2011-01-26 12:55:23 ----D---- C:\Program Files (x86)\MSI Afterburner
2011-01-25 20:38:50 ----D---- C:\Program Files\CPUID
2011-01-25 20:38:50 ----A---- C:\Windows\system32\drivers\cpuz134_x64.sys
2011-01-25 19:41:51 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-01-25 19:41:51 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-01-25 19:41:51 ----A---- C:\Windows\SYSWOW64\java.exe
2011-01-25 19:28:14 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2011-01-25 19:03:07 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-16 19:25:06 ----DC---- C:\Windows\system32\DRVSTORE
2011-01-13 23:04:55 ----D---- C:\Users\Andrew\AppData\Roaming\Vara Software
2011-01-13 23:04:54 ----D---- C:\Users\Andrew\AppData\Roaming\Wirecast
2011-01-13 23:04:53 ----D---- C:\ProgramData\Telestream
2011-01-13 23:04:53 ----D---- C:\ProgramData\eSellerate
2011-01-13 23:03:05 ----D---- C:\Program Files (x86)\Ustream
2011-01-13 23:02:03 ----D---- C:\ProgramData\Apple Computer
2011-01-13 23:02:03 ----D---- C:\Program Files (x86)\QuickTime
2011-01-13 23:01:19 ----D---- C:\ProgramData\Apple
2011-01-13 23:01:19 ----D---- C:\Program Files (x86)\Apple Software Update
2011-01-13 21:29:55 ----D---- C:\Program Files (x86)\SplitMediaLabs
2011-01-13 20:24:35 ----D---- C:\Users\Andrew\AppData\Roaming\TeamViewer
2011-01-13 20:22:59 ----D---- C:\Program Files (x86)\TeamViewer
2011-01-13 19:07:17 ----D---- C:\ProgramData\SplitMediaLabs
2011-01-12 17:08:44 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2011-01-12 17:08:44 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\XpsPrint.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-01-12 17:08:44 ----A---- C:\Windows\system32\mf.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\DWrite.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-12 17:08:44 ----A---- C:\Windows\system32\d2d1.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\mfreadwrite.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\mf.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2011-01-12 17:08:43 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\mfps.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\FntCache.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-01-12 17:08:43 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-12 17:08:43 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\d3d10_1.dll
2011-01-12 17:08:43 ----A---- C:\Windows\system32\cdd.dll
2011-01-12 17:08:31 ----A---- C:\Windows\SYSWOW64\odbc32.dll
2011-01-12 17:08:31 ----A---- C:\Windows\system32\odbc32.dll
2011-01-10 11:46:15 ----AH---- C:\aaw7boot.cmd
2011-01-10 10:38:45 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2011-01-10 10:36:56 ----D---- C:\ProgramData\Lavasoft
2011-01-05 04:37:14 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2011-01-05 04:22:46 ----A---- C:\Windows\system32\atio6axx.dll
2011-01-05 04:03:34 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2011-01-05 04:02:40 ----A---- C:\Windows\system32\atiapfxx.exe
2011-01-05 04:02:28 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2011-01-05 03:58:42 ----A---- C:\Windows\system32\ATIDEMGX.dll
2011-01-05 03:58:22 ----A---- C:\Windows\system32\atieclxx.exe
2011-01-05 03:57:44 ----A---- C:\Windows\system32\atiesrxx.exe
2011-01-05 03:56:30 ----A---- C:\Windows\system32\atitmm64.dll
2011-01-05 03:56:10 ----A---- C:\Windows\system32\atipdl64.dll
2011-01-05 03:56:02 ----A---- C:\Windows\SYSWOW64\atipdlxx.dll
2011-01-05 03:55:50 ----A---- C:\Windows\SYSWOW64\Oemdspif.dll
2011-01-05 03:55:46 ----A---- C:\Windows\system32\atimuixx.dll
2011-01-05 03:55:40 ----A---- C:\Windows\system32\atiedu64.dll
2011-01-05 03:55:34 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2011-01-05 03:52:20 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2011-01-05 03:33:30 ----A---- C:\Windows\system32\aticalrt64.dll
2011-01-05 03:33:28 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2011-01-05 03:33:20 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2011-01-05 03:33:20 ----A---- C:\Windows\system32\aticalcl64.dll
2011-01-05 03:33:16 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2011-01-05 03:33:08 ----A---- C:\Windows\system32\aticaldd64.dll
2011-01-05 03:32:56 ----A---- C:\Windows\system32\atiumd6v.dll
2011-01-05 03:32:22 ----A---- C:\Windows\system32\atiumd6a.dll
2011-01-05 03:31:52 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2011-01-05 03:27:06 ----A---- C:\Windows\system32\atiumd64.dll
2011-01-05 03:25:04 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2011-01-05 03:19:58 ----A---- C:\Windows\system32\atig6pxx.dll
2011-01-05 03:19:54 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2011-01-05 03:19:54 ----A---- C:\Windows\system32\atiglpxx.dll
2011-01-05 03:19:52 ----A---- C:\Windows\system32\atig6txx.dll
2011-01-05 03:19:44 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2011-01-05 03:19:38 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2011-01-05 03:18:46 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2011-01-05 03:18:34 ----A---- C:\Windows\system32\atiu9p64.dll
2011-01-05 03:18:26 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2011-01-05 03:17:20 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2011-01-05 03:11:10 ----A---- C:\Windows\system32\atimpc64.dll
2011-01-05 03:11:10 ----A---- C:\Windows\system32\amdpcom64.dll
2011-01-05 03:11:00 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2011-01-05 03:11:00 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll

======List of files/folders modified in the last 1 months======

2011-01-29 12:53:23 ----D---- C:\Windows\Prefetch
2011-01-29 12:53:20 ----D---- C:\Windows\Temp
2011-01-29 12:49:36 ----D---- C:\Program Files (x86)\QIP 2010
2011-01-29 12:49:24 ----D---- C:\Windows\system32\config
2011-01-29 12:49:08 ----D---- C:\Windows
2011-01-29 12:45:31 ----D---- C:\Users\Andrew\AppData\Roaming\Winamp
2011-01-29 12:45:31 ----D---- C:\Users\Andrew\AppData\Roaming\Media Player Classic
2011-01-29 12:45:21 ----D---- C:\Windows\debug
2011-01-29 12:44:19 ----RD---- C:\Program Files (x86)
2011-01-29 09:09:26 ----D---- C:\Windows\System32
2011-01-29 09:09:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-29 09:09:25 ----D---- C:\Windows\inf
2011-01-28 23:55:41 ----D---- C:\Users\Andrew\AppData\Roaming\uTorrent
2011-01-28 22:31:17 ----A---- C:\Windows\system.ini
2011-01-28 22:29:52 ----D---- C:\Windows\SYSWOW64\drivers
2011-01-28 22:29:52 ----D---- C:\Windows\SysWOW64
2011-01-28 22:29:52 ----D---- C:\Windows\system32\drivers
2011-01-28 22:29:52 ----D---- C:\Windows\AppPatch
2011-01-28 22:29:51 ----D---- C:\Program Files\Common Files
2011-01-28 22:29:51 ----D---- C:\Program Files (x86)\Common Files
2011-01-28 22:01:02 ----SHD---- C:\System Volume Information
2011-01-28 20:47:11 ----D---- C:\ProgramData
2011-01-27 21:43:04 ----D---- C:\Windows\SYSWOW64\directx
2011-01-27 21:43:04 ----D---- C:\Temp
2011-01-27 20:23:46 ----SHD---- C:\Windows\Installer
2011-01-27 20:22:44 ----D---- C:\Windows\system32\catroot
2011-01-27 20:22:33 ----D---- C:\Windows\system32\DriverStore
2011-01-27 20:22:24 ----RD---- C:\Program Files
2011-01-27 20:19:44 ----D---- C:\Windows\system32\catroot2
2011-01-27 13:05:36 ----D---- C:\Windows\system32\Tasks
2011-01-26 00:47:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-01-26 00:47:06 ----D---- C:\Program Files (x86)\ASUS
2011-01-25 23:02:58 ----D---- C:\Windows\winsxs
2011-01-25 19:42:49 ----SD---- C:\Users\Andrew\AppData\Roaming\Microsoft
2011-01-25 19:41:48 ----D---- C:\Program Files (x86)\Java
2011-01-25 19:28:50 ----A---- C:\Windows\NeroDigital.ini
2011-01-16 20:30:05 ----D---- C:\Users\Andrew\AppData\Roaming\Skype
2011-01-16 20:05:59 ----RD---- C:\Program Files (x86)\Skype
2011-01-16 19:47:56 ----D---- C:\Users\Andrew\AppData\Roaming\skypePM
2011-01-13 23:02:13 ----D---- C:\Program Files (x86)\Internet Explorer
2011-01-13 17:45:10 ----D---- C:\Users\Andrew\AppData\Roaming\mIRC
2011-01-13 17:44:25 ----D---- C:\Program Files (x86)\mIRC
2011-01-13 12:34:36 ----D---- C:\Users\Andrew\AppData\Roaming\BSplayer
2011-01-13 09:47:32 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-01-12 20:01:47 ----A---- C:\Windows\system32\MRT.exe
2011-01-05 04:01:12 ----A---- C:\Windows\system32\aticfx64.dll
2011-01-05 03:43:20 ----A---- C:\Windows\system32\atidxx64.dll
2011-01-05 03:28:08 ----A---- C:\Windows\system32\coinst.dll
2011-01-05 03:20:20 ----A---- C:\Windows\system32\atiadlxx.dll
2011-01-05 03:20:10 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2011-01-05 03:18:52 ----A---- C:\Windows\system32\atiuxp64.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-10-19 115312]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-20 834544]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-06 13368]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 29264]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 273488]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 51792]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 20560]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-12-19 314016]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 IOCBIOS;IOCBIOS; \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-02-03 30384]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-12-19 43680]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-08-14 11576]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
R3 KoneFltr;ROCCAT Kone; C:\Windows\system32\drivers\Kone.sys [2008-12-11 15488]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-08-31 14648]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 smbusp;Intel(R) SMBus 2.0 Driver; C:\Windows\system32\DRIVERS\intelsmb.sys [2010-01-20 36224]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
S3 atxcdmjo;atxcdmjo; C:\Windows\system32\drivers\atxcdmjo.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2007-04-12 151296]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2007-04-10 252712]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2007-04-10 580904]
S3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2007-04-10 863016]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2007-04-10 700200]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2007-04-10 219432]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2007-04-10 321832]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2007-04-10 190248]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2007-04-10 363304]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2007-04-10 142120]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2007-04-10 1571112]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2007-04-10 123688]
S3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2007-04-10 17192]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2007-04-10 681256]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2007-04-10 290600]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2007-04-10 147752]
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\Windows\system32\drivers\ha10kx2k.sys [2007-04-10 1359144]
S3 hap16v2k;Creative P16V HAL Driver; C:\Windows\system32\drivers\hap16v2k.sys [2007-04-10 259880]
S3 hap17v2k;Creative P17V HAL Driver; C:\Windows\system32\drivers\hap17v2k.sys [2007-04-10 295208]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2007-04-10 218408]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-01-05 203776]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 XTUService;Intel(R) Extreme Tuning Utility; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-04-09 22280]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-19 1255736]

-----------------EOF-----------------

Ještě něco dočistím

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript: - zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[2011.01.25 19:41:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.01.25 19:41:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.01.25 19:41:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.01.25 19:03:07 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.01.16 19:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.01.15 20:46:41 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\zyxel
[2011.01.13 23:04:55 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Vara Software
[2011.01.13 23:04:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Wirecast
[2011.01.13 23:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Telestream
[2011.01.13 23:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2011.01.13 23:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2011.01.13 23:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ustream
[2011.01.13 23:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ustream
[2011.01.13 23:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.13 23:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.01.13 23:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.01.13 23:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.01.13 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Apple
[2011.01.13 23:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.01.13 23:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.01.13 21:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011.01.13 21:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011.01.13 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\TeamViewer
[2011.01.13 20:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.01.13 19:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011.01.12 17:08:44 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 17:08:44 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 17:08:44 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 17:08:44 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 17:08:44 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 17:08:44 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 17:08:44 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 17:08:44 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 17:08:43 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 17:08:43 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 17:08:43 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 17:08:43 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 17:08:43 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 17:08:43 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 17:08:43 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 17:08:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 17:08:43 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 17:08:43 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 17:08:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 17:08:43 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 17:08:43 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 17:08:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 17:08:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 17:08:43 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 17:08:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 17:08:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 17:08:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 17:08:31 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 17:08:31 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.10 10:38:45 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.01.10 10:37:53 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Sunbelt Software
[2011.01.10 10:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.01.05 04:37:14 | 008,283,136 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011.01.05 04:22:46 | 022,100,480 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011.01.05 04:03:34 | 017,043,968 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011.01.05 04:02:40 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011.01.05 04:02:28 | 000,596,480 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011.01.05 03:58:42 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011.01.05 03:58:22 | 000,480,256 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.01.05 03:57:44 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.01.05 03:56:30 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.01.05 03:56:10 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011.01.05 03:56:02 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011.01.05 03:55:50 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011.01.05 03:55:46 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.01.05 03:55:40 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011.01.05 03:55:34 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011.01.05 03:52:20 | 004,101,632 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011.01.05 03:33:30 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011.01.05 03:33:28 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011.01.05 03:33:20 | 004,162,048 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011.01.05 03:33:20 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011.01.05 03:33:16 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011.01.05 03:33:08 | 006,815,232 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011.01.05 03:32:56 | 001,208,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011.01.05 03:32:22 | 003,218,944 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011.01.05 03:31:52 | 005,441,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011.01.05 03:27:06 | 005,305,856 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011.01.05 03:25:04 | 003,461,120 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011.01.05 03:19:58 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011.01.05 03:19:54 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011.01.05 03:19:54 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011.01.05 03:19:52 | 000,032,256 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011.01.05 03:19:44 | 000,027,648 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011.01.05 03:19:38 | 000,294,400 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011.01.05 03:18:46 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011.01.05 03:18:34 | 000,038,400 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011.01.05 03:18:26 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011.01.05 03:17:20 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011.01.05 03:11:10 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011.01.05 03:11:10 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011.01.05 03:11:00 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011.01.05 03:11:00 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011.01.04 11:11:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\RatioMaster-1.9.1
[2007.04.09 11:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.29 15:52:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2011.01.29 15:00:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000UA.job
[2011.01.29 12:54:10 | 001,477,890 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.29 12:54:10 | 000,633,980 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.01.29 12:54:10 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.29 12:54:10 | 000,122,560 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.01.29 12:54:10 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.29 12:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.29 12:49:03 | 2145,951,743 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.29 12:48:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.29 12:48:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.29 12:44:20 | 000,001,003 | ---- | M] () -- C:\Users\Andrew\Desktop\CCleaner.lnk
[2011.01.29 12:42:55 | 001,187,896 | ---- | M] (Piriform Ltd) -- C:\Users\Andrew\Desktop\ccleaner.exe
[2011.01.28 19:10:36 | 002,789,596 | ---- | M] () -- C:\Users\Andrew\Desktop\OC.rar
[2011.01.28 18:35:08 | 001,050,306 | ---- | M] () -- C:\Users\Andrew\Desktop\Morfeus.rar
[2011.01.28 09:42:08 | 000,013,139 | ---- | M] () -- C:\Users\Andrew\Desktop\Nový Textový dokument OpenDocument.odt
[2011.01.28 09:00:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-177400242-4199771672-94652025-1000Core.job
[2011.01.27 15:40:02 | 000,087,572 | ---- | M] () -- C:\Users\Andrew\Desktop\takt procaku.jpg
[2011.01.27 12:53:17 | 000,832,273 | ---- | M] () -- C:\Users\Andrew\Desktop\RSITx64.exe
[2011.01.27 09:32:56 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Users\Andrew\Desktop\hijackthis.exe
[2011.01.27 08:52:49 | 000,039,936 | ---- | M] () -- C:\Users\Andrew\Desktop\lit1.doc
[2011.01.26 22:58:16 | 119,320,154 | ---- | M] () -- C:\Users\Andrew\Desktop\Topografická anatomie.PDF
[2011.01.26 21:43:04 | 231,167,062 | ---- | M] () -- C:\Users\Andrew\Desktop\klinická anatomie ve stomatologii.pdf
[2011.01.26 12:55:26 | 000,001,082 | ---- | M] () -- C:\Users\Andrew\Desktop\MSI Afterburner.lnk
[2011.01.26 00:46:16 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011.01.25 23:58:19 | 000,288,792 | ---- | M] () -- C:\Users\Andrew\Desktop\P7P55D-E-QVL.zip
[2011.01.25 19:41:30 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.01.25 19:28:50 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.01.25 19:03:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.01.16 13:41:54 | 000,023,155 | ---- | M] () -- C:\Users\Andrew\Desktop\1234.jpg
[2011.01.16 13:41:28 | 000,029,640 | ---- | M] () -- C:\Users\Andrew\Desktop\123.jpg
[2011.01.14 10:55:54 | 000,000,261 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2011.01.13 23:04:06 | 000,002,635 | ---- | M] () -- C:\Users\Andrew\Desktop\Ustream Producer.lnk
[2011.01.13 23:02:09 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.01.13 21:29:17 | 015,068,160 | ---- | M] () -- C:\Users\Andrew\Desktop\xsplit_installer.msi
[2011.01.13 20:21:35 | 003,552,456 | ---- | M] () -- C:\Users\Andrew\Desktop\TeamViewer_Setup_cs.exe
[2011.01.13 19:17:56 | 000,001,127 | ---- | M] () -- C:\Users\Andrew\Desktop\XSplit Broadcaster.lnk
[2011.01.13 17:03:00 | 001,032,808 | ---- | M] () -- C:\Users\Andrew\Desktop\IMAG0730.jpg
[2011.01.13 17:01:16 | 000,866,726 | ---- | M] () -- C:\Users\Andrew\Desktop\IMAG0728.jpg
[2011.01.13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.01.13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.01.13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.01.13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.01.13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.01.13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.01.13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.01.13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.01.12 16:13:36 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011.01.10 11:46:15 | 000,000,608 | -H-- | M] () -- C:\aaw7boot.cmd
[2011.01.10 10:38:45 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.01.05 06:55:42 | 000,026,112 | ---- | M] () -- C:\Users\Andrew\Desktop\RigPrepZub.doc
[2011.01.05 04:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011.01.05 04:22:46 | 022,100,480 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011.01.05 04:03:34 | 017,043,968 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011.01.05 04:02:44 | 000,138,384 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.01.05 04:02:40 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011.01.05 04:02:28 | 000,596,480 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011.01.05 04:01:12 | 000,708,608 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2011.01.05 03:58:42 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011.01.05 03:58:22 | 000,480,256 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.01.05 03:57:44 | 000,203,776 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.01.05 03:56:30 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.01.05 03:56:10 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011.01.05 03:56:02 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011.01.05 03:55:50 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011.01.05 03:55:46 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.01.05 03:55:40 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011.01.05 03:55:34 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011.01.05 03:52:20 | 004,101,632 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011.01.05 03:43:20 | 004,844,544 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2011.01.05 03:33:30 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011.01.05 03:33:28 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011.01.05 03:33:20 | 004,162,048 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011.01.05 03:33:20 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011.01.05 03:33:16 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011.01.05 03:33:08 | 006,815,232 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011.01.05 03:32:56 | 001,208,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011.01.05 03:32:22 | 003,218,944 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011.01.05 03:31:52 | 005,441,024 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011.01.05 03:29:58 | 000,675,584 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.01.05 03:28:08 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011.01.05 03:27:06 | 005,305,856 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011.01.05 03:25:04 | 003,461,120 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011.01.05 03:24:40 | 000,675,584 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011.01.05 03:20:20 | 000,353,792 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011.01.05 03:20:10 | 000,249,856 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011.01.05 03:19:58 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011.01.05 03:19:54 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011.01.05 03:19:54 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011.01.05 03:19:52 | 000,032,256 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011.01.05 03:19:44 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011.01.05 03:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011.01.05 03:18:52 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2011.01.05 03:18:46 | 000,030,720 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011.01.05 03:18:34 | 000,038,400 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011.01.05 03:18:26 | 000,028,672 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011.01.05 03:17:20 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011.01.05 03:11:10 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011.01.05 03:11:10 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011.01.05 03:11:00 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011.01.05 03:11:00 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.29 12:44:20 | 000,001,003 | ---- | C] () -- C:\Users\Andrew\Desktop\CCleaner.lnk
[2011.01.28 19:10:35 | 002,789,596 | ---- | C] () -- C:\Users\Andrew\Desktop\OC.rar
[2011.01.28 18:35:08 | 001,050,306 | ---- | C] () -- C:\Users\Andrew\Desktop\Morfeus.rar
[2011.01.28 09:19:14 | 000,013,139 | ---- | C] () -- C:\Users\Andrew\Desktop\Nový Textový dokument OpenDocument.odt
[2011.01.27 15:40:02 | 000,087,572 | ---- | C] () -- C:\Users\Andrew\Desktop\takt procaku.jpg
[2011.01.27 12:53:16 | 000,832,273 | ---- | C] () -- C:\Users\Andrew\Desktop\RSITx64.exe
[2011.01.27 08:52:49 | 000,039,936 | ---- | C] () -- C:\Users\Andrew\Desktop\lit1.doc
[2011.01.26 21:49:57 | 119,320,154 | ---- | C] () -- C:\Users\Andrew\Desktop\Topografická anatomie.PDF
[2011.01.26 18:53:15 | 231,167,062 | ---- | C] () -- C:\Users\Andrew\Desktop\klinická anatomie ve stomatologii.pdf
[2011.01.26 12:55:26 | 000,001,082 | ---- | C] () -- C:\Users\Andrew\Desktop\MSI Afterburner.lnk
[2011.01.25 23:58:18 | 000,288,792 | ---- | C] () -- C:\Users\Andrew\Desktop\P7P55D-E-QVL.zip
[2011.01.25 20:38:51 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011.01.25 19:41:30 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.01.25 19:41:30 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.01.16 13:41:57 | 000,023,155 | ---- | C] () -- C:\Users\Andrew\Desktop\1234.jpg
[2011.01.16 13:41:32 | 000,029,640 | ---- | C] () -- C:\Users\Andrew\Desktop\123.jpg
[2011.01.13 23:06:55 | 000,002,635 | ---- | C] () -- C:\Users\Andrew\Desktop\Ustream Producer.lnk
[2011.01.13 23:04:53 | 000,000,261 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2011.01.13 23:02:09 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.01.13 23:01:19 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.01.13 21:27:48 | 015,068,160 | ---- | C] () -- C:\Users\Andrew\Desktop\xsplit_installer.msi
[2011.01.13 20:21:25 | 003,552,456 | ---- | C] () -- C:\Users\Andrew\Desktop\TeamViewer_Setup_cs.exe
[2011.01.13 19:17:56 | 000,001,127 | ---- | C] () -- C:\Users\Andrew\Desktop\XSplit Broadcaster.lnk
[2011.01.13 18:17:00 | 001,032,808 | ---- | C] () -- C:\Users\Andrew\Desktop\IMAG0730.jpg
[2011.01.13 18:15:15 | 000,866,726 | ---- | C] () -- C:\Users\Andrew\Desktop\IMAG0728.jpg
[2011.01.10 11:46:15 | 000,000,608 | -H-- | C] () -- C:\aaw7boot.cmd
[2011.01.05 06:55:42 | 000,026,112 | ---- | C] () -- C:\Users\Andrew\Desktop\RigPrepZub.doc
[2011.01.05 04:02:44 | 000,138,384 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.01.05 03:29:58 | 000,675,584 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.01.05 03:24:40 | 000,675,584 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010.11.29 11:26:22 | 000,003,584 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 12:03:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.09 13:07:25 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.19 15:07:20 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.08.19 09:07:11 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.08.19 09:07:10 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.08.18 08:55:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.08.18 08:55:20 | 000,029,875 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.06.15 17:06:38 | 000,153,502 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.06.15 17:05:02 | 005,002,416 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.06.15 16:43:58 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.05.24 20:39:50 | 000,289,065 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.05.24 20:38:34 | 000,962,008 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.05.19 21:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2010.05.19 21:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2010.05.19 21:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2010.05.19 21:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2010.05.19 21:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2010.05.19 21:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2010.05.19 21:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2010.05.19 21:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2010.05.19 21:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2010.05.19 21:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010.05.12 16:09:06 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.11 22:26:52 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.05.11 22:22:22 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.05.10 23:10:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.05.10 23:09:50 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.05.10 23:09:42 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.05.10 23:09:30 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.05.10 23:07:24 | 001,556,992 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.05.10 23:05:28 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.05.10 23:05:06 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.05.10 23:03:56 | 000,163,328 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 03:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008.11.06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.04.12 07:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007.04.09 11:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2007.04.09 11:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2007.04.09 11:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2006.10.02 08:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005.06.16 09:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

========== LOP Check ==========

========== LOP Check ==========

[2011.01.13 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\BSplayer
[2010.11.19 19:02:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\BSplayer Pro
[2010.08.20 08:30:10 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Lite
[2010.11.01 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\OpenOffice.org
[2010.08.19 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\QIP
[2010.08.19 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ROCCAT
[2011.01.13 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TeamViewer
[2010.08.31 15:06:54 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TS3Client
[2010.08.19 15:17:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Uniblue
[2011.01.28 23:55:41 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent
[2011.01.13 23:04:55 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Vara Software
[2011.01.14 10:53:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Wirecast
[2010.08.25 10:34:15 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\www.TheXSoft.com
[2010.12.04 09:23:45 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.08.19 09:50:03 | 000,136,176 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 -- [2008.06.24 15:06:06 | 001,840,424 | ---- | M] (Nero AG)
"Infium" = "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun -- [2010.11.24 14:02:50 | 005,853,056 | ---- | M] (QIP)

< c:\windows\*.* /U >
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.01 21:09:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Adobe
[2010.08.19 09:41:47 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ATI
[2011.01.13 12:34:36 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\BSplayer
[2010.11.19 19:02:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\BSplayer Pro
[2010.08.20 08:30:10 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Lite
[2010.08.23 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DivX
[2010.08.18 08:52:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Identities
[2010.08.21 18:05:01 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\InstallShield
[2010.08.19 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Macromedia
[2011.01.28 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
[2009.07.14 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Media Center Programs
[2011.01.29 12:45:31 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Media Player Classic
[2011.01.25 19:42:49 | 000,000,000 | --SD | M] -- C:\Users\Andrew\AppData\Roaming\Microsoft
[2011.01.13 17:45:10 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\mIRC
[2010.09.09 13:15:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Nero
[2010.11.01 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\OpenOffice.org
[2010.08.19 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\QIP
[2010.08.19 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ROCCAT
[2011.01.16 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Skype
[2011.01.16 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\skypePM
[2011.01.13 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TeamViewer
[2010.08.31 15:06:54 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TS3Client
[2010.08.19 15:17:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Uniblue
[2011.01.28 23:55:41 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent
[2011.01.13 23:04:55 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Vara Software
[2010.09.13 20:07:40 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Ventrilo
[2011.01.29 13:46:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Winamp
[2010.08.19 10:01:47 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\WinRAR
[2011.01.14 10:53:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Wirecast
[2010.08.25 10:34:15 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\www.TheXSoft.com

< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe


< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

OTL Extras logfile created on: 29.1.2011 15:53:41 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Andrew\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 80,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 414,40 Gb Free Space | 88,99% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 410,92 Gb Free Space | 44,11% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-177400242-4199771672-94652025-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10B87149-8901-4BF2-E319-7B9FEA83F8FB}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C4EFBB40-F101-F220-3A00-73FDF75C3519}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMBus" = Intel(R) SMBus
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4552377D-5CCC-4104-987E-1998AB20C21A}" = XSplit
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D45EF03-E8EE-4355-81C3-F918CBCF1033}" = Nero 8
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility 2.0.143.16
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91004C18-9F6E-4395-BFCE-FF97FA2BE52F}" = Ustream Producer
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Afterburner" = MSI Afterburner 2.0.0
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"avast5" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"Conan Stats" = Conan Stats ( Remove only)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"mIRC" = mIRC
"OpenAL" = OpenAL
"Revo Uninstaller" = Revo Uninstaller 1.89
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.6.1
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-177400242-4199771672-94652025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"QIP 2010" = QIP 2010 10.11.24.4444
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.1.2011 8:39:54 | Computer Name = Andrew-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 27.1.2011 10:59:06 | Computer Name = Andrew-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovač aktivace licence (sppuinotify.dll) byl ukončen s následujícím
kódem chyby: 0x80070005

Error - 27.1.2011 11:59:06 | Computer Name = Andrew-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovač aktivace licence (sppuinotify.dll) byl ukončen s následujícím
kódem chyby: 0x80070005

Error - 27.1.2011 12:59:06 | Computer Name = Andrew-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovač aktivace licence (sppuinotify.dll) byl ukončen s následujícím
kódem chyby: 0x80070005

Error - 27.1.2011 13:59:06 | Computer Name = Andrew-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovač aktivace licence (sppuinotify.dll) byl ukončen s následujícím
kódem chyby: 0x80070005

Error - 27.1.2011 14:59:06 | Computer Name = Andrew-PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovač aktivace licence (sppuinotify.dll) byl ukončen s následujícím
kódem chyby: 0x80070005

Error - 27.1.2011 15:20:55 | Computer Name = Andrew-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 27.1.2011 16:13:56 | Computer Name = Andrew-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 27.1.2011 17:14:06 | Computer Name = Andrew-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 28.1.2011 3:53:41 | Computer Name = Andrew-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

[ System Events ]
Error - 28.1.2011 13:47:52 | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7038
Description = Služba upnphost se nemohla přihlásit jako NT AUTHORITY\LocalService
s aktuálně konfigurovaným heslem z důvodu následující chyby: %%50 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 28.1.2011 13:47:52 | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7000
Description = Služba UPnP Device Host neuspěla při spuštění v důsledku následující
chyby: %%1069

Error - 28.1.2011 14:09:46 | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (19:07:13, ?28.?1.?2011) bylo neočekávané.

Error - 28.1.2011 14:09:50 | Computer Name = Andrew-PC | Source = BugCheck | ID = 1001
Description =

Error - 28.1.2011 14:10:16 | Computer Name = Andrew-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Došlo k závažné chybě hardwaru. Ohlášeno součástí: Jádro procesoru Zdroj
chyby: 3 Typ chyby: 12 ID procesoru: 2 Další informace jsou obsaženy v podrobném zobrazení
tohoto záznamu.

Error - 28.1.2011 14:56:00 | Computer Name = Andrew-PC | Source = DCOM | ID = 10001
Description =

Error - 28.1.2011 17:28:21 | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7034
Description = Služba ASUS System Control Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 28.1.2011 17:30:58 | Computer Name = Andrew-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 28.1.2011 17:31:15 | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 28.1.2011 19:03:09 | Computer Name = Andrew-PC | Source = DCOM | ID = 10001
Description =


< End of report >