Preventive check

Posted: 19 Feb 2011 09:28
by Zmaslo
Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-02-19 09:20:25
Microsoft Windows 7 Ultimate
System drive C: has 51 GB (23%) free of 228 GB
Total RAM: 2046 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:20:29, on 19.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
O4 - HKCU\..\Run: [Bamboo Dock] "C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9766 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
"C:\Program Files\Tablet\Pen\Pen_TouchService.exe"
/QuitInfo:000000000000042C;0000000000000430; /AddRef;
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
/QuitInfo:00000000000004E4;0000000000000518; /AddRef;
/QuitInfo:00000000000004F4;0000000000000500;
"C:\Program Files\Tablet\Pen\Pen_TouchUser.exe"
"C:\Windows\system32\Dwm.exe"
/loadhooks /Parent:0000000000000668
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {FA9191F6-BB38-412F-8657-64282BDF2840}
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe"
taskeng.exe {7DF49A3E-3253-4D6B-8503-C5A0A7177565}
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\SysWOW64\srvany.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\KMService.exe
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
\??\C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\System32\M-AudioTaskBarIcon.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Tablet\Pen\Pen_Tablet.exe"
"C:\Program Files\Tablet\Pen\Pen_TabletUser.exe"
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files\Tablet\Pen\Pen_Tablet.exe" au
C:\Windows\system32\svchost.exe -k HPService
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Bamboo Dock\BambooCore.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe" -Embedding
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
taskhost.exe $(Arg0)
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-325000265-1234438900-1662419739-10012_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-325000265-1234438900-1662419739-10012 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Users\Admin\Downloads\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"=C:\Windows\system32\M-AudioTaskBarIcon.exe [2009-10-02 798216]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bamboo Dock"=C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [2011-02-17 178176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2009-11-09 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-11-25 81000]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"MaxMenuMgr"=C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2009-09-25 185640]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-01-25 421160]
"BambooCore"=C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [2011-02-17 629336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-02-19 09:20:25 ----D---- C:\rsit
2011-02-17 18:53:06 ----D---- C:\Users\Admin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2011-02-17 18:53:06 ----D---- C:\ProgramData\Wacom
2011-02-17 18:52:46 ----D---- C:\Users\Admin\AppData\Roaming\Wacom
2011-02-17 18:33:34 ----D---- C:\Program Files (x86)\Bamboo Dock
2011-02-17 18:31:11 ----D---- C:\Users\Admin\AppData\Roaming\WTablet
2011-02-17 18:31:10 ----N---- C:\Windows\SYSWOW64\Pen_Touch_Tablet.dll
2011-02-17 18:31:10 ----N---- C:\Windows\system32\Pen_Touch_Tablet.dll
2011-02-17 18:31:02 ----D---- C:\Program Files (x86)\TabletPlugins
2011-02-17 18:30:44 ----A---- C:\Windows\system32\drivers\wacmoumonitor.sys
2011-02-17 18:30:35 ----A---- C:\Windows\system32\drivers\wacommousefilter.sys
2011-02-17 18:30:19 ----A---- C:\Windows\system32\drivers\wacomvhid.sys
2011-02-17 18:30:16 ----N---- C:\Windows\SYSWOW64\Wintab32.dll
2011-02-17 18:30:16 ----N---- C:\Windows\system32\Wintab32.dll
2011-02-17 18:30:15 ----N---- C:\Windows\SYSWOW64\Pen_Tablet.dll
2011-02-17 18:30:15 ----N---- C:\Windows\system32\Pen_Tablet.dll
2011-02-17 18:30:04 ----D---- C:\Program Files\Tablet
2011-02-11 12:54:46 ----HDC---- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2011-02-09 07:04:19 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 07:04:18 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-02-09 07:04:08 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-02-09 07:04:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-02-09 07:04:06 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 07:04:05 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-02-09 07:04:05 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 07:04:05 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 07:04:05 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 07:04:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-02-09 07:04:04 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-02-09 07:04:04 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-02-09 07:04:04 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-02-09 07:04:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-02-09 07:04:04 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-02-09 07:04:04 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 07:04:04 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 07:04:04 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 07:04:04 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 07:04:04 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 07:03:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2011-02-09 07:03:53 ----A---- C:\Windows\system32\kerberos.dll
2011-02-09 07:03:48 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 07:03:42 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 07:03:42 ----A---- C:\Windows\system32\upnp.dll
2011-02-09 07:03:42 ----A---- C:\Windows\system32\msxml6.dll
2011-02-09 07:03:42 ----A---- C:\Windows\system32\msxml3.dll
2011-02-09 07:03:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-02-09 07:03:41 ----A---- C:\Windows\SYSWOW64\upnp.dll
2011-02-09 07:03:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-02-09 07:03:40 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2011-02-09 07:03:40 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2011-02-09 07:03:40 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 07:03:40 ----A---- C:\Windows\system32\winhttp.dll
2011-02-09 07:03:40 ----A---- C:\Windows\system32\WebClnt.dll
2011-02-09 07:03:39 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2011-02-09 07:03:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-02-09 07:03:39 ----A---- C:\Windows\system32\wscapi.dll
2011-02-09 07:03:39 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 07:03:39 ----A---- C:\Windows\system32\davclnt.dll
2011-02-09 07:03:38 ----A---- C:\Windows\SYSWOW64\wscapi.dll
2011-02-09 07:03:38 ----A---- C:\Windows\SYSWOW64\winhttp.dll
2011-02-09 07:03:38 ----A---- C:\Windows\SYSWOW64\slwga.dll
2011-02-09 07:03:38 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2011-02-09 07:03:38 ----A---- C:\Windows\system32\wscsvc.dll
2011-02-09 07:03:38 ----A---- C:\Windows\system32\slwga.dll
2011-02-09 07:03:36 ----A---- C:\Windows\system32\winsrv.dll
2011-02-09 07:03:35 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-02-09 07:03:35 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 07:03:35 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 07:03:32 ----A---- C:\Windows\system32\vbscript.dll
2011-02-09 07:03:32 ----A---- C:\Windows\system32\jscript.dll
2011-02-09 07:03:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-02-09 07:03:27 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-02-09 07:03:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 07:03:23 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 07:03:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-02-09 07:03:22 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2011-02-09 07:03:21 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-02-09 07:03:20 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2011-02-09 07:03:20 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 07:03:19 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2011-02-09 07:03:19 ----A---- C:\Windows\system32\atmlib.dll
2011-02-05 11:50:38 ----D---- C:\Program Files (x86)\Flash
2011-02-04 14:51:32 ----D---- C:\Program Files (x86)\Fast Image Resizer
2011-02-04 14:24:39 ----D---- C:\Program Files (x86)\MonkeyJam
2011-02-03 19:19:21 ----D---- C:\Program Files\iPod
2011-02-03 19:19:18 ----D---- C:\Program Files\iTunes
2011-02-03 19:19:18 ----D---- C:\Program Files (x86)\iTunes
2011-01-29 12:21:47 ----D---- C:\Users\Admin\AppData\Roaming\MonkeyJam
2011-01-27 17:39:18 ----D---- C:\Program Files (x86)\Lame For Audacity
2011-01-26 22:01:41 ----D---- C:\Users\Admin\AppData\Roaming\D-Zed Software
2011-01-26 21:56:11 ----D---- C:\ProgramData\D-Zed Software
2011-01-26 21:56:11 ----D---- C:\Program Files (x86)\D-Zed Software
2011-01-25 16:52:29 ----D---- C:\Users\Admin\AppData\Roaming\Stop_Motion_Pro_Projects
2011-01-21 08:10:02 ----D---- C:\Program Files (x86)\Black_Box
2011-01-20 17:38:05 ----D---- C:\Windows\Minidump

======List of files/folders modified in the last 1 months======

2011-02-19 09:20:30 ----D---- C:\Windows\Prefetch
2011-02-19 09:20:26 ----D---- C:\Program Files (x86)\trend micro
2011-02-19 09:20:25 ----D---- C:\Windows\Temp
2011-02-19 09:16:36 ----D---- C:\Windows\system32\config
2011-02-18 23:26:07 ----D---- C:\Windows\system32\catroot2
2011-02-18 23:24:03 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2011-02-18 21:33:35 ----D---- C:\Users\Admin\AppData\Roaming\uTorrent
2011-02-18 14:01:55 ----D---- C:\Windows\System32
2011-02-18 14:01:55 ----D---- C:\Windows\inf
2011-02-18 14:01:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-18 07:37:49 ----SHD---- C:\System Volume Information
2011-02-17 18:53:06 ----HD---- C:\ProgramData
2011-02-17 18:53:01 ----SHD---- C:\Windows\Installer
2011-02-17 18:53:01 ----HD---- C:\Config.Msi
2011-02-17 18:53:00 ----D---- C:\Program Files (x86)\Adobe
2011-02-17 18:33:34 ----RD---- C:\Program Files (x86)
2011-02-17 18:31:10 ----D---- C:\Windows\SysWOW64
2011-02-17 18:30:47 ----D---- C:\Windows\system32\drivers
2011-02-17 18:30:45 ----D---- C:\Windows\system32\DriverStore
2011-02-17 18:30:45 ----D---- C:\Windows\system32\catroot
2011-02-17 18:30:04 ----RD---- C:\Program Files
2011-02-16 18:05:33 ----D---- C:\Program Files (x86)\JDownloader
2011-02-15 16:19:24 ----D---- C:\Windows\SYSWOW64\drivers
2011-02-15 15:26:12 ----D---- C:\Program Files (x86)\World of Warcraft
2011-02-13 21:47:33 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-02-13 21:31:53 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2011-02-13 16:45:02 ----D---- C:\Users\Admin\AppData\Roaming\skypePM
2011-02-13 12:33:20 ----D---- C:\Windows\system32\Tasks
2011-02-13 12:33:12 ----D---- C:\Program Files (x86)\Common Files
2011-02-11 17:47:52 ----D---- C:\Users\Admin\AppData\Roaming\dvdcss
2011-02-11 12:53:18 ----D---- C:\Program Files\Native Instruments
2011-02-11 12:53:18 ----D---- C:\Program Files\Common Files\Native Instruments
2011-02-10 06:23:23 ----D---- C:\Casino
2011-02-09 23:01:56 ----D---- C:\Users\Admin\AppData\Roaming\Audacity
2011-02-09 12:27:52 ----D---- C:\Windows\Microsoft.NET
2011-02-09 12:27:51 ----RSD---- C:\Windows\assembly
2011-02-09 11:45:29 ----D---- C:\Windows\winsxs
2011-02-09 11:43:43 ----D---- C:\Program Files\Internet Explorer
2011-02-09 11:43:43 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-09 07:57:03 ----D---- C:\Windows\debug
2011-02-09 07:56:58 ----A---- C:\Windows\system32\MRT.exe
2011-02-08 18:01:32 ----D---- C:\Users\Admin\AppData\Roaming\Adobe
2011-02-08 07:04:13 ----D---- C:\Windows\SYSWOW64\en-US
2011-02-08 07:04:13 ----D---- C:\Windows\system32\en-US
2011-02-08 07:04:09 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-02-07 07:55:16 ----D---- C:\Windows
2011-02-06 11:54:13 ----D---- C:\ProgramData\Adobe
2011-02-06 11:53:06 ----D---- C:\Program Files\Common Files\Adobe
2011-02-06 11:52:12 ----D---- C:\Program Files\Adobe
2011-02-06 11:39:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 11:37:42 ----D---- C:\Program Files (x86)\Winamp
2011-02-05 12:34:05 ----D---- C:\Windows\system32\NDF
2011-02-05 12:15:52 ----D---- C:\Windows\system32\drivers\etc
2011-02-02 14:24:58 ----D---- C:\Program Files (x86)\StarCraft II
2011-01-21 11:05:31 ----D---- C:\ProgramData\Ubisoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-23 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 27216]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 89680]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 53840]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 91568]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 22096]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 65616]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [2009-10-02 187912]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 18288]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2010-10-11 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2010-10-11 16168]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys []
S2 Nsynas32;Nsynas32; C:\Windows\system32\drivers\Nsynas32.sys []
S2 zntport;NTPort Library Driver; \??\C:\Windows\syswow64\zntport.sys []
S3 avqce107;avqce107; C:\Windows\system32\drivers\avqce107.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2004-12-31 4682]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SASENUM;SASENUM; \??\C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-09-28 51712]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 36352]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2003-04-18 8192]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-25 75064]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TabletServicePen;TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 933664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-15 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-15 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2010-06-27 3731176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]

-----------------EOF-----------------

Thank you :worship:

Re: Preventive check

Posted: 19 Feb 2011 23:13
by Roli
Hello, I don't see anything bad, just fix these unnecessary items in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14597&l=dis
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe


You will find HJT here:

C:\Program Files (x86)\trend micro\Admin.exe

Fix means that you run HJT as admin,

in the window that opens, you click Do a system scan only,

in the next window, you find the lines I listed for you,

next to them is a small box that you tick,

then you click Fix checked, which is at the bottom left,

the program will ask you whether you are really sure, YES, you of course agree to that, and it is done.