Very slow internet

#1 Post by ententeak »

Hello. Yesterday afternoon, for the first time in a long while, I tried speedtest.net because my internet seemed to be running slowly, and it was: at almost a tenth of the usual speed. So I ran the speed test on another PC, and there I measured the "full" 50 Mbps download (while on mine it was barely 5 Mbps, with Steam, QIP, etc. turned off). I don't assume the fault is in the router, so I am asking you, the experts on RSIT logs, for advice on whether you can find anything in it that is slowing my connection down so drastically.
Thanks in advance for the advice.

Log.txt:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ententeak at 2011-07-16 00:52:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 28 GB (28%) free of 100 GB
Total RAM: 4096 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:52:11, on 16.7.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\MHotKey.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Program Files (x86)\iTap mobile\iTap mobile\iTap.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Z:\Steam\steam.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files\trend micro\Ententeak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "Z:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [iTap] C:\Program Files (x86)\iTap mobile\iTap mobile\iTap.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ententeak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP Infium\infium.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2208836425-1500219768-807306282-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2208836425-1500219768-807306282-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Remote Control.lnk = C:\Program Files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{433D0317-C933-41B0-AC51-73DE12867122}: NameServer = 93.89.159.2,82.208.56.105
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12537 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
/QuitInfo:0000000000000240;0000000000000258; /AddRef;
"C:\Program Files\Tablet\Pen\Pen_TouchService.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
/QuitInfo:000000000000015C;0000000000000160; /AddRef;
/QuitInfo:0000000000000330;0000000000000190;
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
"C:\Program Files\Tablet\Pen\Pen_TouchUser.exe"
"C:\Program Files\Aston2\Aston2.exe"
/loadhooks /Parent:00000000000006CC
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
taskeng.exe {BBDD9DEE-1154-43F6-9EAC-A4369550B719}
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\MHotKey.exe
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
C:\Windows\ChiFuncExt.exe
"C:\Program Files\Tablet\Pen\Pen_Tablet.exe"
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
"C:\Program Files (x86)\iTap mobile\iTap mobile\iTap.exe"
"C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
"C:\Program Files\Tablet\Pen\Pen_TabletUser.exe"
"C:\Program Files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe"
"C:\Program Files (x86)\Xfire\Xfire.exe"
"C:\Program Files\Tablet\Pen\Pen_Tablet.exe" au
"C:\Windows\CmUCREye_x64.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 3012
WLIDSvcM.exe 2540
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-82d58ac8-e58e-432e-8aeb-96f5ef55005a -SystemEventPortName:HostProcess-3cc7e721-26ed-40d1-b2cf-139bd28995d0 -IoCancelEventPortName:HostProcess-a5b6d4a0-f610-4d9e-a495-24f19e35e4dc -NonStateChangingEventPortName:HostProcess-fb8c4653-d563-45a0-b4d0-d1ceb64e1e39 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b595f3c1-829e-4071-8e9f-a92409ee13db
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Xfire\xfire64.exe" xfire64.exe /pid 3012
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5784.15ef1860.1766914583 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.5.0" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 5784 \\.\pipe\gecko-crash-server-pipe.5784 plugin
"taskhost.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fafd7d9b-9a98-4188-b56f-1cfc07b12857 -SystemEventPortName:HostProcess-bdbcc4c3-b781-4a15-809d-bef8068940cc -IoCancelEventPortName:HostProcess-3466c27a-b32b-486a-b7a6-eaed3730bf5b -NonStateChangingEventPortName:HostProcess-693abf1f-bd31-43e5-a21a-79f1a476c828 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0a457ba2-be27-4fdc-ba57-ef6b3090561d
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5784.15d1f400.324869918 "C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll" "Mozilla.Firefox.5.0" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 5784 \\.\pipe\gecko-crash-server-pipe.5784 plugin
"Z:\Steam\steam.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{DE5DBCDC-104A-4CBC-A4D5-0C2104A142C5}
"C:\Program Files (x86)\Last.fm\LastFM.exe" --tray
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"D:\___ochrany\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2, {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {9935ef86-61cd-4f48-a057-ab2c5172031d}:2.6.2, safariviewwin@systemantics.net:0.5.3, NPDyyno@dyyno.com:1.0.0.24, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, personas@christopher.beard:1.6.2, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}:5.3.2, yyginstantplay@yoyogames.com:1.1.0.24, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, extension@virtusdesigns.com:3.6.7, pastebin.com@gmail.com:3.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, engine@conduit.com:3.3.3.2, {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://www.google.cz/search?q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files (x86)\TabletPlugins\npwacom.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.CZE
nppdf32.dll
nppdf32.HRV
nppdf32.HUN
nppdf32.POL
nppdf32.SKY
nppdf32.SLV
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\
anycolor.pavlos256@gmail.com
engine@conduit.com
extension@virtusdesigns.com
jid0-RZ1wv8WwA7CKjr2eJZV648uKiuE@jetpack
NPDyyno@dyyno.com
pastebin.com@gmail.com
personas@christopher.beard
safariviewwin@systemantics.net
support@predictad.com
yyginstantplay@yoyogames.com
{1c70e98e-bd0d-11db-8314-0800200c9a66}
{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
{7694c49c-9fbd-11dc-8314-0800200c9a66}
{77b819fa-95ad-4f2c-ac7c-486b356188a9}
{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}

C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\searchplugins\
facebook.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19 164496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06 339872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19 164496]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06 339872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2918656]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-02 11545192]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30 499608]
"Cmiboot"=C:\Windows\cmiboot.exe [2007-02-07 65536]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"AutoKMS"=C:\Windows\AutoKMS.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=Z:\Steam\steam.exe [2011-07-15 1242448]
"OscarEditor"=C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [2011-02-11 3357696]
"iTap"=C:\Program Files (x86)\iTap mobile\iTap mobile\iTap.exe [2010-11-23 5910528]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2011-03-17 842048]
"AdobeBridge"= []
"Google Update"=C:\Users\Ententeak\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 136176]
"Infium"=C:\Program Files (x86)\QIP Infium\infium.exe [2011-05-11 6848384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-06-06 2903448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-06-06 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Ententeak\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneEngine]
C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [2011-01-17 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-09-03 1406248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TiVme Agent]
C:\Program Files (x86)\KWorld Multimedia\TiVme\ScheduleAgent.exe [2009-12-11 113664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2011-03-22 74752]
""= []
"LchDrvKey"=C:\Windows\LchDrvKey.exe [2007-03-28 36864]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-06-07 421160]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-06-06 36760]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-06-06 2903448]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"=C:\Program Files (x86)\KWorld Multimedia\TiVmeScheduleAgent.exe []

C:\Users\Ententeak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Remote Control.lnk - C:\Program Files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\PROGRA~2\PSPADE~1\PSPad.exe "%1"

======List of files/folders created in the last 1 month======

2011-07-16 00:52:07 ----D---- C:\rsit
2011-07-16 00:52:07 ----D---- C:\Program Files\trend micro
2011-07-15 13:53:26 ----D---- C:\Users\Ententeak\AppData\Roaming\ZombieDriver
2011-07-15 13:53:18 ----D---- C:\Program Files (x86)\OpenAL
2011-07-15 13:53:18 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2011-07-15 13:53:18 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2011-07-15 13:53:18 ----A---- C:\Windows\system32\wrap_oal.dll
2011-07-15 13:53:18 ----A---- C:\Windows\system32\OpenAL32.dll
2011-07-14 19:14:45 ----D---- C:\Program Files (x86)\MSXML 4.0
2011-07-13 18:40:15 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 18:40:15 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 18:40:14 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 18:40:13 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 18:40:08 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 18:40:05 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 18:40:05 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 18:40:05 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 18:40:05 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 18:40:04 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 18:40:04 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 18:40:04 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 18:40:04 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 18:40:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 18:40:04 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 18:40:04 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 18:40:04 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 18:40:03 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-10 10:09:43 ----D---- C:\Program Files (x86)\Apple Software Update
2011-07-09 19:02:17 ----D---- C:\Users\Ententeak\AppData\Roaming\System
2011-07-09 19:02:13 ----SHD---- C:\Users\Ententeak\AppData\Roaming\wyUpdate AU
2011-07-09 18:25:47 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-07-09 18:25:47 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-07-09 18:25:47 ----A---- C:\Windows\SYSWOW64\java.exe
2011-07-08 06:33:17 ----D---- C:\Program Files (x86)\Trend Micro
2011-07-06 21:40:59 ----D---- C:\ArmyBuilder
2011-07-05 17:58:49 ----A---- C:\Windows\KMSEmulator.exe
2011-07-05 17:51:49 ----D---- C:\Program Files\Common Files\DESIGNER
2011-07-05 17:51:18 ----D---- C:\Program Files\Microsoft Synchronization Services
2011-07-05 17:50:58 ----D---- C:\Windows\PCHEALTH
2011-07-05 17:50:58 ----D---- C:\Program Files\Microsoft Sync Framework
2011-07-05 17:50:58 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-07-05 17:49:31 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-07-05 17:48:44 ----D---- C:\Program Files\Microsoft Analysis Services
2011-07-05 17:48:44 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-07-05 17:48:27 ----D---- C:\Program Files (x86)\Microsoft Office
2011-07-05 17:48:24 ----D---- C:\Program Files\Microsoft Office
2011-07-05 17:47:59 ----RHD---- C:\MSOCache
2011-06-29 11:32:25 ----D---- C:\Users\Ententeak\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-06-29 11:31:18 ----A---- C:\Windows\SurCode.INI
2011-06-29 11:31:17 ----D---- C:\Users\Ententeak\AppData\Roaming\PACE Anti-Piracy
2011-06-29 11:31:17 ----D---- C:\ProgramData\PACE Anti-Piracy
2011-06-29 11:31:17 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2011-06-29 09:54:08 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 09:54:07 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 09:54:07 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 09:54:07 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-29 09:54:07 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 09:54:05 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 09:54:05 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 09:54:04 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-29 09:54:04 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-29 09:54:04 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 09:54:04 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 09:54:03 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 09:54:03 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-29 09:54:03 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-29 09:54:02 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-29 09:54:02 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 09:54:02 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 09:54:02 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 09:54:02 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 09:54:01 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 09:54:01 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-29 09:54:01 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-29 09:54:01 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-21 15:32:59 ----D---- C:\Program Files (x86)\Microsoft XNA
2011-06-20 17:08:06 ----D---- C:\Users\Ententeak\AppData\Roaming\AtomZombieData
2011-06-20 16:06:21 ----D---- C:\Users\Ententeak\AppData\Roaming\GridRunnerRev
2011-06-19 16:39:34 ----D---- C:\Program Files (x86)\Cheat Engine 6.1

======List of files/folders modified in the last 1 month======

2011-07-16 00:52:09 ----D---- C:\Windows\Temp
2011-07-16 00:52:07 ----RD---- C:\Program Files
2011-07-15 23:46:06 ----D---- C:\Windows\system32\config
2011-07-15 23:40:53 ----SHD---- C:\Windows\Installer
2011-07-15 23:40:53 ----RSD---- C:\Windows\assembly
2011-07-15 23:40:53 ----HD---- C:\Config.Msi
2011-07-15 23:40:38 ----SHD---- C:\System Volume Information
2011-07-15 23:39:56 ----D---- C:\Windows\SysWOW64
2011-07-15 23:39:55 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-07-15 23:39:46 ----D---- C:\Windows\inf
2011-07-15 23:39:33 ----D---- C:\Windows\System32
2011-07-15 23:39:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-15 23:36:46 ----D---- C:\Windows\Microsoft.NET
2011-07-15 23:36:38 ----D---- C:\Windows\SYSWOW64\en-US
2011-07-15 23:36:38 ----D---- C:\Windows\system32\en-US
2011-07-15 23:36:05 ----D---- C:\Windows
2011-07-15 21:39:47 ----D---- C:\Windows\Prefetch
2011-07-15 21:27:38 ----D---- C:\Program Files (x86)\QIP Infium
2011-07-15 21:27:18 ----D---- C:\ProgramData\NVIDIA
2011-07-15 18:06:02 ----D---- C:\Users\Ententeak\AppData\Roaming\Xfire
2011-07-15 13:53:18 ----RD---- C:\Program Files (x86)
2011-07-15 13:15:49 ----D---- C:\Program Files (x86)\Zoom Player
2011-07-15 09:17:17 ----D---- C:\Users\Ententeak\AppData\Roaming\Adobe
2011-07-14 19:31:47 ----D---- C:\ProgramData\Microsoft Help
2011-07-14 19:28:55 ----D---- C:\Program Files\Common Files\System
2011-07-14 19:28:55 ----A---- C:\Windows\win.ini
2011-07-14 19:14:58 ----D---- C:\Windows\winsxs
2011-07-13 21:49:38 ----D---- C:\Windows\system32\DriverStore
2011-07-13 21:49:38 ----D---- C:\Windows\AppPatch
2011-07-13 18:41:42 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 18:39:06 ----D---- C:\Windows\system32\catroot2
2011-07-13 18:39:06 ----D---- C:\Windows\system32\catroot
2011-07-10 10:09:45 ----D---- C:\Windows\system32\Tasks
2011-07-09 18:27:05 ----D---- C:\Program Files (x86)\Common Files
2011-07-09 18:25:43 ----D---- C:\Program Files (x86)\Java
2011-07-09 07:00:20 ----D---- C:\ProgramData\Xfire
2011-07-05 18:56:34 ----A---- C:\Windows\WINCMD.INI
2011-07-05 18:14:24 ----A---- C:\Windows\wcx_ftp.ini
2011-07-05 17:51:54 ----RSD---- C:\Windows\Fonts
2011-07-05 17:51:50 ----D---- C:\Windows\ShellNew
2011-07-05 17:51:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-05 17:51:49 ----D---- C:\Program Files\Common Files
2011-07-05 17:51:09 ----D---- C:\Program Files (x86)\MSBuild
2011-07-05 17:50:58 ----ASD---- C:\ProgramData\Microsoft
2011-07-05 12:37:37 ----D---- C:\Windows\system32\NDF
2011-06-29 11:31:17 ----HD---- C:\ProgramData
2011-06-27 15:08:41 ----D---- C:\Windows\Tasks
2011-06-27 15:08:41 ----D---- C:\Windows\system32\wfp
2011-06-27 15:08:41 ----D---- C:\Windows\system32\wbem
2011-06-27 15:08:41 ----D---- C:\Windows\system32\CodeIntegrity
2011-06-27 15:08:41 ----D---- C:\Windows\AppCompat
2011-06-27 15:08:41 ----D---- C:\Users\Ententeak\AppData\Roaming\Winamp
2011-06-27 15:08:35 ----D---- C:\Windows\registration
2011-06-23 20:31:02 ----D---- C:\Users\Ententeak\AppData\Roaming\.minecraft
2011-06-22 12:17:02 ----SD---- C:\Users\Ententeak\AppData\Roaming\Microsoft
2011-06-21 18:38:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-06-17 08:47:24 ----D---- C:\Windows\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 Si3132r5;SiI-3132 SoftRaid 5 Controller; C:\Windows\system32\DRIVERS\Si3132r5.sys [2007-12-26 337960]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2007-12-26 22568]
R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys [2007-12-26 16936]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-16 526392]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2008-11-04 23096]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R3 3xHybr64;3xHybrid service; C:\Windows\system32\DRIVERS\3xHybr64.sys [2007-04-20 873216]
R3 CMIUCR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\Windows\system32\DRIVERS\cmiucr_x64.SYS [2007-01-15 160256]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-02 2536040]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-05-25 174184]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2010-10-05 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2010-10-05 16168]
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 apc9mxu4;apc9mxu4; C:\Windows\system32\drivers\apc9mxu4.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2011-05-11 22336]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 18288]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 TabletServicePen;TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R2 TouchServicePen;Wacom Consumer Touch Service; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 934176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-06-02 403240]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

ententeak
Visitor
Posts: 135
Registered: 05 Dec 2005 22:08

Re: very slow internet

#2 Post by ententeak »

P.S.: Upload is normal, around 40 Mbps.
[Image]
(the second computer is already switched off, so I won't turn it on just for one picture..)

Oh, and it makes no difference at all which browser I use...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: very slow internet

#3 Post by vyosek »

Hello, and I wish you a nice day :)

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A POWERFUL ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after start-up a page with the licence agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, accept
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes, and after a restart if one is needed, CF displays a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • A detailed procedure including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

ententeak
Visitor
Posts: 135
Registered: 05 Dec 2005 22:08

Re: very slow internet

#4 Post by ententeak »

ComboFix 11-07-15.03 - Ententeak 16.07.2011 8:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4096.2505 [GMT 2:00]
Spuštěný z: d:\___ochrany\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
Z:\install.exe
z:\steam\steam.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 07:02 . 2011-07-16 07:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-16 07:02 . 2011-07-16 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 06:55 . 2011-07-16 06:55 -------- d-----w- C:\32788R22FWJFW
2011-07-15 22:52 . 2011-07-15 22:52 -------- d-----w- C:\rsit
2011-07-15 22:52 . 2011-07-15 22:52 -------- d-----w- c:\program files\trend micro
2011-07-15 11:55 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8420FD84-3CDB-47FD-A18E-8B147327D74F}\mpengine.dll
2011-07-15 11:53 . 2011-07-15 11:53 -------- d-----w- c:\users\Ententeak\AppData\Roaming\ZombieDriver
2011-07-15 11:53 . 2011-07-15 11:53 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-15 11:53 . 2011-07-15 11:53 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-07-15 11:53 . 2011-07-15 11:53 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-15 11:53 . 2011-07-15 11:53 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-15 11:53 . 2011-07-15 11:53 -------- d-----w- c:\program files (x86)\OpenAL
2011-07-14 17:14 . 2011-07-14 17:14 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-10 08:09 . 2011-07-10 08:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-09 17:02 . 2011-07-09 17:02 -------- d-----w- c:\users\Ententeak\AppData\Roaming\System
2011-07-09 17:02 . 2011-07-09 17:02 -------- d-----w- c:\users\Ententeak\AppData\Local\Universe Sandbox
2011-07-09 17:02 . 2011-07-09 17:06 -------- d-sh--w- c:\users\Ententeak\AppData\Roaming\wyUpdate AU
2011-07-09 16:27 . 2011-07-09 16:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-09 16:25 . 2011-05-04 02:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-08 04:33 . 2011-07-08 04:33 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 19:40 . 2011-07-06 19:44 -------- d-----w- C:\ArmyBuilder
2011-07-05 15:58 . 2011-07-05 15:58 77824 ----a-w- c:\windows\KMSEmulator.exe
2011-07-05 15:51 . 2011-07-05 15:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-07-05 15:50 . 2011-07-05 15:50 -------- d-----w- c:\windows\PCHEALTH
2011-07-05 15:50 . 2011-07-05 15:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-07-05 15:50 . 2011-07-05 15:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-07-05 15:49 . 2011-07-05 15:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-07-05 15:48 . 2011-07-05 15:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-05 15:48 . 2011-07-05 15:48 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-07-05 15:47 . 2011-07-05 15:47 -------- d-----r- C:\MSOCache
2011-06-29 09:32 . 2011-06-29 09:32 -------- d-----w- c:\users\Ententeak\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\users\Ententeak\AppData\Roaming\PACE Anti-Piracy
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\users\Ententeak\AppData\Local\PACE Anti-Piracy
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2011-06-21 16:38 . 2011-06-21 16:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 16:38 . 2011-06-21 16:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-21 13:32 . 2011-06-21 13:32 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-06-20 15:08 . 2011-06-20 21:22 -------- d-----w- c:\users\Ententeak\AppData\Roaming\AtomZombieData
2011-06-20 14:06 . 2011-06-20 14:06 -------- d-----w- c:\users\Ententeak\AppData\Roaming\GridRunnerRev
2011-06-19 14:39 . 2011-06-19 14:39 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-06-16 10:33 . 2011-06-16 10:33 -------- d-----w- c:\users\Ententeak\AppData\Local\gMapMaker
2011-06-16 10:02 . 2011-06-16 10:02 -------- d-----w- c:\program files (x86)\gMapMaker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 16:28 . 2011-05-18 20:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-06 19:55 . 2011-06-06 19:55 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-03 05:57 . 2011-07-13 16:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-25 07:25 . 2011-06-02 14:27 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-05-25 07:25 . 2011-06-02 14:27 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-05-25 07:25 . 2011-06-02 14:27 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2011-05-25 07:25 . 2011-04-07 21:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:25 . 2011-04-07 21:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-25 07:25 . 2011-04-07 21:18 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 07:25 . 2010-07-09 14:27 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:25 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:25 . 2011-04-07 21:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:25 . 2011-04-07 21:19 739432 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-05-25 07:25 . 2011-06-02 14:27 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2011-06-02 14:27 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-25 07:25 . 2011-05-11 15:23 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 07:25 . 2011-06-02 14:27 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-25 07:25 . 2011-05-11 15:23 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-25 07:25 . 2011-06-02 14:27 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-25 07:25 . 2011-06-02 14:27 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 07:25 . 2011-06-02 14:27 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 07:25 . 2011-06-02 14:27 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-25 07:25 . 2011-06-02 14:27 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-25 07:25 . 2011-05-11 15:23 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 07:25 . 2011-06-02 14:27 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2011-06-02 14:27 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-25 07:25 . 2011-06-02 14:27 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2011-06-02 14:27 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-25 07:25 . 2011-06-02 14:27 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2011-06-02 14:27 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-25 07:25 . 2011-06-02 14:27 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2011-06-02 14:27 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-25 07:25 . 2011-05-11 15:23 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-25 07:25 . 2011-05-11 15:23 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-24 17:14 . 2011-05-11 15:26 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 16:00 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-05-22 16:00 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-05-12 20:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-12 20:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-11 21:41 . 2011-05-11 21:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-11 21:41 . 2011-05-11 21:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-11 21:41 . 2011-05-11 21:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-11 21:41 . 2011-05-11 21:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-11 21:41 . 2011-05-11 21:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-11 21:41 . 2011-05-11 21:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-11 21:41 . 2011-05-11 21:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-11 21:41 . 2011-05-11 21:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-11 21:41 . 2011-05-11 21:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-11 21:41 . 2011-05-11 21:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-11 21:41 . 2011-05-11 21:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-11 21:41 . 2011-05-11 21:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-11 21:41 . 2011-05-11 21:41 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-11 21:41 . 2011-05-11 21:41 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-11 21:41 . 2011-05-11 21:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-11 21:41 . 2011-05-11 21:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-11 21:41 . 2011-05-11 21:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-11 21:41 . 2011-05-11 21:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-11 21:41 . 2011-05-11 21:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-11 21:41 . 2011-05-11 21:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-11 21:41 . 2011-05-11 21:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-11 21:41 . 2011-05-11 21:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-11 21:41 . 2011-05-11 21:41 448512 ----a-w- c:\windows\system32\html.iec
2011-05-11 21:41 . 2011-05-11 21:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-11 21:41 . 2011-05-11 21:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-11 21:41 . 2011-05-11 21:41 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-11 21:41 . 2011-05-11 21:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-11 21:41 . 2011-05-11 21:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-11 21:41 . 2011-05-11 21:41 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-11 21:41 . 2011-05-11 21:41 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-11 21:41 . 2011-05-11 21:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-11 21:41 . 2011-05-11 21:41 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-11 21:41 . 2011-05-11 21:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-11 21:41 . 2011-05-11 21:41 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-11 21:41 . 2011-05-11 21:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-11 21:41 . 2011-05-11 21:41 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-11 21:41 . 2011-05-11 21:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-11 21:41 . 2011-05-11 21:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-11 16:24 . 2011-05-11 15:41 22336 ----a-w- c:\windows\gdrv.sys
2011-05-11 16:22 . 2011-05-11 15:54 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-10 06:06 . 2011-05-10 06:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 02:52 . 2011-05-11 17:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-03 05:29 . 2011-06-15 06:04 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 06:04 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-15 06:04 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-15 06:04 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-15 06:04 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-15 06:05 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-15 06:05 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-15 06:05 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-15 06:04 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-15 06:04 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-23 01:29 . 2011-06-15 06:12 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-15 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-15 06:12 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-15 06:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-22 22:15 . 2011-05-25 16:58 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-17 19:57 . 2011-04-17 19:57 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2011-02-11 3357696]
"iTap"="c:\program files (x86)\iTap mobile\iTap mobile\iTap.exe" [2010-11-23 5910528]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"Infium"="c:\program files (x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Ententeak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe [2011-5-11 257536]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-4-17 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 51727736]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys [x]
S3 CMIUCR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr_x64.SYS [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001Core.job
- c:\users\Ententeak\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 22:24]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001UA.job
- c:\users\Ententeak\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 22:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Cmiboot"="c:\windows\cmiboot.exe" [2007-02-07 65536]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{433D0317-C933-41B0-AC51-73DE12867122}: NameServer = 93.89.159.2,82.208.56.105
FF - ProfilePath - c:\users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?q=
.
.
------- Asociace souborů -------
.
txtfile=c:\progra~2\PSPADE~1\PSPad.exe "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Steam - z:\steam\steam.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-AutoKMS - c:\windows\AutoKMS.exe
AddRemove-Steam App 102700 - z:\steam\steam.exe
AddRemove-Steam App 107300 - z:\steam\steam.exe
AddRemove-Steam App 107310 - z:\steam\steam.exe
AddRemove-Steam App 11200 - z:\steam\steam.exe
AddRemove-Steam App 15520 - z:\steam\steam.exe
AddRemove-Steam App 17020 - z:\steam\steam.exe
AddRemove-Steam App 20700 - z:\steam\steam.exe
AddRemove-Steam App 20920 - z:\steam\steam.exe
AddRemove-Steam App 22200 - z:\steam\steam.exe
AddRemove-Steam App 2500 - z:\steam\steam.exe
AddRemove-Steam App 27810 - z:\steam\steam.exe
AddRemove-Steam App 31410 - z:\steam\steam.exe
AddRemove-Steam App 32200 - z:\steam\steam.exe
AddRemove-Steam App 35700 - z:\steam\steam.exe
AddRemove-Steam App 36210 - z:\steam\steam.exe
AddRemove-Steam App 36620 - z:\steam\steam.exe
AddRemove-Steam App 40700 - z:\steam\steam.exe
AddRemove-Steam App 55040 - z:\steam\steam.exe
AddRemove-Steam App 63500 - z:\steam\steam.exe
AddRemove-Steam App 70300 - z:\steam\steam.exe
AddRemove-Steam App 7200 - z:\steam\steam.exe
AddRemove-Steam App 72200 - z:\steam\steam.exe
AddRemove-Steam App 92300 - z:\steam\steam.exe
AddRemove-Steam App 95300 - z:\steam\steam.exe
AddRemove-Steam App 99890 - z:\steam\steam.exe
AddRemove-Steam App 99900 - z:\steam\steam.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c5,84,51,e3,f3,4f,89,5c,84,1d,a3,22,fa,0b,df,f8,fe,dd,ab,35,0a,
b0,01,b5,b3,4f,b1,9b,c1,47,ce,20,71,31,8a,21,e6,3b,0d,63,89,a7,7c,56,a9,03,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,84,51,e3,f3,4f,89,5c,84,1d,a3,22,fa,0b,df,f8,fe,dd,ab,35,0a,
b0,01,b5,b3,4f,b1,9b,c1,47,ce,20,71,31,8a,21,e6,3b,0d,63,89,a7,7c,56,a9,03,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\MHotKey.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\ChiFuncExt.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 09:08:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 07:08
.
Před spuštěním: Volných bajtů: 29 344 931 840
Po spuštění: Volných bajtů: 29 078 679 552
.
- - End Of File - - F757DCD635E6E1BA36F4F3D3505D3FE8

ententeak
Visitor
Posts: 135
Registered: 05 Dec 2005 22:08

Re: heavily slowed-down internet

#5 Post by ententeak »

I see it deleted my Steam, why?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: heavily slowed-down internet

#6 Post by vyosek »

:arrow: Some ComboFix bug :o We will notify the author :!: Once the cleanup is finished, please install it again - there is no point in restoring it now, since it would delete it again :(

:arrow: If you have not done so already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    Firefox::
    FF - ProfilePath - c:\users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
    FF - prefs.js: browser.search.selectedEngine - QIP Search
    FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?q=
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"=-
    "iTunesHelper"=-
    "Adobe ARM"=-
    "Adobe Acrobat Speed Launcher"=-
    "Acrobat Assistant 8.0"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"=-
    "Infium"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    
    Collect::
    c:\windows\KMSEmulator.exe
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001UA.job
    
    Driver::
    Akamai
    NAUpdate
    
    NetSvc::
    Akamai
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt over ComboFix and drop it (see the picture below)
    [Image]
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, that is no man, that is an ox."
Member of [image] since 1 February 2011.

ententeak
Visitor
Posts: 135
Registered: 05 Dec 2005 22:08

Re: heavily slowed-down internet

#7 Post by ententeak »

ComboFix 11-07-15.03 - Ententeak 16.07.2011 9:31.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4096.2428 [GMT 2:00]
Spuštěný z: d:\___ochrany\ComboFix.exe
Použité ovládací přepínače :: d:\___ochrany\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001UA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\KMSEmulator.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208836425-1500219768-807306282-1001UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Akamai
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 08:03 . 2011-07-16 08:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-15 22:52 . 2011-07-15 22:52 -------- d-----w- C:\rsit
2011-07-15 22:52 . 2011-07-15 22:52 -------- d-----w- c:\program files\trend micro
2011-07-15 11:55 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8420FD84-3CDB-47FD-A18E-8B147327D74F}\mpengine.dll
2011-07-15 11:53 . 2011-07-15 11:53 -------- d-----w- c:\users\Ententeak\AppData\Roaming\ZombieDriver
2011-07-15 11:53 . 2011-07-15 11:53 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-15 11:53 . 2011-07-15 11:53 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-07-15 11:53 . 2011-07-15 11:53 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-15 11:53 . 2011-07-15 11:53 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-07-15 11:53 . 2011-07-15 11:53 -------- d-----w- c:\program files (x86)\OpenAL
2011-07-14 17:14 . 2011-07-14 17:14 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-10 08:09 . 2011-07-10 08:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-09 17:02 . 2011-07-09 17:02 -------- d-----w- c:\users\Ententeak\AppData\Roaming\System
2011-07-09 17:02 . 2011-07-09 17:02 -------- d-----w- c:\users\Ententeak\AppData\Local\Universe Sandbox
2011-07-09 17:02 . 2011-07-09 17:06 -------- d-sh--w- c:\users\Ententeak\AppData\Roaming\wyUpdate AU
2011-07-09 16:27 . 2011-07-09 16:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-09 16:25 . 2011-05-04 02:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-08 04:33 . 2011-07-08 04:33 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 19:40 . 2011-07-06 19:44 -------- d-----w- C:\ArmyBuilder
2011-07-05 15:51 . 2011-07-05 15:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-07-05 15:50 . 2011-07-05 15:50 -------- d-----w- c:\windows\PCHEALTH
2011-07-05 15:50 . 2011-07-05 15:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-07-05 15:50 . 2011-07-05 15:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-07-05 15:49 . 2011-07-05 15:49 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-07-05 15:48 . 2011-07-05 15:48 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-05 15:48 . 2011-07-05 15:48 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-07-05 15:47 . 2011-07-05 15:47 -------- d-----r- C:\MSOCache
2011-06-29 09:32 . 2011-06-29 09:32 -------- d-----w- c:\users\Ententeak\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\users\Ententeak\AppData\Roaming\PACE Anti-Piracy
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\users\Ententeak\AppData\Local\PACE Anti-Piracy
2011-06-29 09:31 . 2011-06-29 09:31 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2011-06-21 16:38 . 2011-06-21 16:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 16:38 . 2011-06-21 16:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-21 13:32 . 2011-06-21 13:32 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-06-20 15:08 . 2011-06-20 21:22 -------- d-----w- c:\users\Ententeak\AppData\Roaming\AtomZombieData
2011-06-20 14:06 . 2011-06-20 14:06 -------- d-----w- c:\users\Ententeak\AppData\Roaming\GridRunnerRev
2011-06-19 14:39 . 2011-06-19 14:39 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-06-16 10:33 . 2011-06-16 10:33 -------- d-----w- c:\users\Ententeak\AppData\Local\gMapMaker
2011-06-16 10:02 . 2011-06-16 10:02 -------- d-----w- c:\program files (x86)\gMapMaker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 16:28 . 2011-05-18 20:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-06 19:55 . 2011-06-06 19:55 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-03 05:57 . 2011-07-13 16:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-25 07:25 . 2011-06-02 14:27 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-05-25 07:25 . 2011-06-02 14:27 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-05-25 07:25 . 2011-06-02 14:27 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2011-05-25 07:25 . 2011-04-07 21:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 07:25 . 2011-04-07 21:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-25 07:25 . 2011-04-07 21:18 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-25 07:25 . 2010-07-09 14:27 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 07:25 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 07:25 . 2011-04-07 21:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 07:25 . 2011-04-07 21:19 739432 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-05-25 07:25 . 2011-06-02 14:27 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 07:25 . 2011-06-02 14:27 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-25 07:25 . 2011-05-11 15:23 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 07:25 . 2011-06-02 14:27 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-25 07:25 . 2011-05-11 15:23 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-25 07:25 . 2011-06-02 14:27 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-25 07:25 . 2011-06-02 14:27 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-25 07:25 . 2011-06-02 14:27 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-25 07:25 . 2011-06-02 14:27 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-25 07:25 . 2011-06-02 14:27 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-25 07:25 . 2011-05-11 15:23 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-25 07:25 . 2011-06-02 14:27 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 07:25 . 2011-06-02 14:27 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-25 07:25 . 2011-06-02 14:27 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 07:25 . 2011-06-02 14:27 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-25 07:25 . 2011-06-02 14:27 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 07:25 . 2011-06-02 14:27 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-25 07:25 . 2011-06-02 14:27 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 07:25 . 2011-06-02 14:27 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-25 07:25 . 2011-05-11 15:23 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-25 07:25 . 2011-05-11 15:23 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-24 17:14 . 2011-05-11 15:26 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 16:00 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-05-22 16:00 . 2009-08-18 09:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-05-12 20:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-12 20:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-11 21:41 . 2011-05-11 21:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-11 21:41 . 2011-05-11 21:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-11 21:41 . 2011-05-11 21:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-11 21:41 . 2011-05-11 21:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-11 21:41 . 2011-05-11 21:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-11 21:41 . 2011-05-11 21:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-11 21:41 . 2011-05-11 21:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-11 21:41 . 2011-05-11 21:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-11 21:41 . 2011-05-11 21:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-11 21:41 . 2011-05-11 21:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-11 21:41 . 2011-05-11 21:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-11 21:41 . 2011-05-11 21:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-11 21:41 . 2011-05-11 21:41 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-11 21:41 . 2011-05-11 21:41 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-11 21:41 . 2011-05-11 21:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-11 21:41 . 2011-05-11 21:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-11 21:41 . 2011-05-11 21:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-11 21:41 . 2011-05-11 21:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-11 21:41 . 2011-05-11 21:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-11 21:41 . 2011-05-11 21:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-11 21:41 . 2011-05-11 21:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-11 21:41 . 2011-05-11 21:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-11 21:41 . 2011-05-11 21:41 448512 ----a-w- c:\windows\system32\html.iec
2011-05-11 21:41 . 2011-05-11 21:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-11 21:41 . 2011-05-11 21:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-11 21:41 . 2011-05-11 21:41 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-11 21:41 . 2011-05-11 21:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-11 21:41 . 2011-05-11 21:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-11 21:41 . 2011-05-11 21:41 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-11 21:41 . 2011-05-11 21:41 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-11 21:41 . 2011-05-11 21:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-11 21:41 . 2011-05-11 21:41 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-11 21:41 . 2011-05-11 21:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-11 21:41 . 2011-05-11 21:41 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-11 21:41 . 2011-05-11 21:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-11 21:41 . 2011-05-11 21:41 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-11 21:41 . 2011-05-11 21:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-11 21:41 . 2011-05-11 21:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-11 16:24 . 2011-05-11 15:41 22336 ----a-w- c:\windows\gdrv.sys
2011-05-11 16:22 . 2011-05-11 15:54 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-05-10 06:06 . 2011-05-10 06:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 02:52 . 2011-05-11 17:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-03 05:29 . 2011-06-15 06:04 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 06:04 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-15 06:04 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-15 06:04 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-15 06:04 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-15 06:05 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-15 06:05 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-15 06:05 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-15 06:04 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-15 06:04 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-23 01:29 . 2011-06-15 06:12 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-15 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-15 06:12 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-15 06:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-22 22:15 . 2011-05-25 16:58 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-17 19:57 . 2011-04-17 19:57 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_07.04.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-11 16:07 . 2011-07-16 07:05 41102 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-16 06:49 39316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-16 07:05 39316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-11 15:32 . 2011-07-16 07:05 6914 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2208836425-1500219768-807306282-1001_UserData.bin
+ 2011-07-16 08:04 . 2011-07-16 08:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-16 07:03 . 2011-07-16 07:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-16 07:03 . 2011-07-16 07:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-16 08:04 . 2011-07-16 08:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-07-16 06:53 655054 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-16 07:08 655054 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2011-07-16 06:53 669660 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2011-07-16 07:08 669660 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-07-16 06:53 121926 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-16 07:08 121926 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-07-16 06:53 141292 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-07-16 07:08 141292 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-07-16 08:03 486676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-07-16 07:02 486676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-11 15:28 . 2011-07-16 08:03 24078899 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2208836425-1500219768-807306282-1001-12288.dat
- 2011-05-11 15:28 . 2011-07-16 07:02 24078899 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2208836425-1500219768-807306282-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2011-02-11 3357696]
"iTap"="c:\program files (x86)\iTap mobile\iTap mobile\iTap.exe" [2010-11-23 5910528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
.
c:\users\Ententeak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe [2011-5-11 257536]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-4-17 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 51727736]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys [x]
S3 CMIUCR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\DRIVERS\cmiucr_x64.SYS [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF9013.cfxxe" [X]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Cmiboot"="c:\windows\cmiboot.exe" [2007-02-07 65536]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AutoKMS"="c:\windows\AutoKMS.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{433D0317-C933-41B0-AC51-73DE12867122}: NameServer = 93.89.159.2,82.208.56.105
FF - ProfilePath - c:\users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c5,84,51,e3,f3,4f,89,5c,84,1d,a3,22,fa,0b,df,f8,fe,dd,ab,35,0a,
b0,01,b5,b3,4f,b1,9b,c1,47,ce,20,71,31,8a,21,e6,3b,0d,63,89,a7,7c,56,a9,03,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,84,51,e3,f3,4f,89,5c,84,1d,a3,22,fa,0b,df,f8,fe,dd,ab,35,0a,
b0,01,b5,b3,4f,b1,9b,c1,47,ce,20,71,31,8a,21,e6,3b,0d,63,89,a7,7c,56,a9,03,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\MHotKey.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\ChiFuncExt.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2011-07-16 10:09:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 08:09
ComboFix2.txt 2011-07-16 07:08
.
Před spuštěním: Volných bajtů: 28 909 219 840
Po spuštění: Volných bajtů: 28 632 039 424
.
- - End Of File - - 579485D47C89C86AF9CB70E2D4179869
Nahrání proběhlo úspěšně

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: very slowed-down internet

#8 Post by vyosek »

Has there been any change? :???:
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for that is no man, that is an ox."
Member of [image] since 1 February 2011.

ententeak
Visitor
Posts: 135
Registered: 05 Dec 2005 22:08

Re: very slowed-down internet

#9 Post by ententeak »

It doesn't seem so:
[image]
It just deleted Steam on me, reset QIP's startup setting and the FF default-browser setting :)
and deactivated Aston Shell

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: very slowed-down internet

#10 Post by vyosek »

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or W7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check whether the "For 64-bit OS" box is ticked; if not, tick it
  • Tick the "For all users" box
  • Tick the "LOP" pest check box
  • Tick the "Purity" pest check box
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box, Custom Scans/Fixes
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT
  • Click the Scan button
  • When the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here

ententeak
Visitor
Posts: 135
Registered: 05 Dec 2005 22:08

Re: very slowed-down internet

#11 Post by ententeak »

So OTL is running now.. no change so far..
It also occurred to me that the problem might be in the router, because we have a new one, since the Wi-Fi part of the old one died.. although it's odd that from the laptop over cable it runs at 50Mbps Down/Up while on my machine over cable it's barely 5Mbps Down / 40Mbps Upload .. over Wi-Fi on the laptop it's 20/20Mbps D/U .. so once OTL finishes I'll also test the old router..

P.S.: I don't quite get why all these de-crapifiers have to be saved to the desktop of all places?? Isn't it all the same where they're run from??

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: very slowed-down internet

#12 Post by vyosek »

:arrow: Also try resetting this router - unplug it from the socket for about half a minute. Then try the old one.

:arrow: About the desktop - sometimes it is needed when scripts are applied (e.g. with ComboFix); it is also an agreement among the Advisors, because sometimes a script is written and something has to be run, say, from the command line, so it contains a generic command for the desktop; and also because account names sometimes contain diacritics, and thanks to the desktop the utility recognises them and can work with them... Don't worry, once the treatment is finished we'll clean up after ourselves, so nothing will be left there...

:arrow: For some utilities it wouldn't matter where they were run from, but for others it would. That's why the agreement was made that everything would be run from the desktop :wink: I hope I explained it at least somewhat understandably...

ententeak
Visitor
Posts: 135
Registered: 05 Dec 2005 22:08

Re: very slowed-down internet

#13 Post by ententeak »

:arrow: The thing is, I ran ComboFix from "D:\___ochrany\", so I wonder whether that could have had some side effect

:arrow: Our router gets switched off for the night, so a half-minute unplug probably won't fix much, given that it was off overnight from about two until eight..

:idea: Anyway, here is the OTL output:

OTL logfile created on: 16.7.2011 10:57:31 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Ententeak\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,38% Memory free
8,00 Gb Paging File | 6,16 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 28,03 Gb Free Space | 28,70% Space Free | Partition Type: NTFS
Drive D: | 345,57 Gb Total Space | 121,40 Gb Free Space | 35,13% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 21,47 Gb Free Space | 4,40% Space Free | Partition Type: NTFS
Drive Z: | 1792,00 Gb Total Space | 1144,29 Gb Free Space | 63,86% Space Free | Partition Type: NTFS

Computer Name: ENTENTEAK-PC | User Name: Ententeak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.07.16 10:56:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ententeak\Desktop\OTL.exe
PRC - [2011.06.21 18:38:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.11 14:58:40 | 006,848,384 | ---- | M] () -- C:\Program Files (x86)\QIP Infium\infium.exe
PRC - [2011.04.17 21:57:50 | 003,510,160 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2011.03.17 10:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011.02.11 10:39:28 | 003,357,696 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010.11.23 22:42:24 | 005,910,528 | ---- | M] (HLW Software Development GmbH) -- C:\Program Files (x86)\iTap mobile\iTap mobile\iTap.exe
PRC - [2010.11.03 15:06:32 | 000,257,536 | ---- | M] () -- C:\Program Files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe
PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.02.01 11:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007.12.27 14:03:14 | 000,580,096 | ---- | M] () -- C:\Windows\mHotkey.exe


========== Modules (SafeList) ==========

MOD - [2011.07.16 10:56:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ententeak\Desktop\OTL.exe
MOD - [2011.04.17 21:57:58 | 000,974,736 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\xfire_toucan_44225.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.15 21:02:26 | 000,353,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2010.09.21 06:18:50 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\dll\DLL_Wheel4D.dll
MOD - [2009.07.14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.01.12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010.10.13 11:41:06 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010.10.13 11:41:04 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011.06.02 16:19:33 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.05.25 09:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.16 13:47:30 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.12.21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010.12.21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010.12.21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010.10.05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010.10.05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.04.19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2007.12.26 21:36:48 | 000,337,960 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Si3132r5.sys -- (Si3132r5)
DRV:64bit: - [2007.12.26 21:36:48 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007.12.26 21:36:48 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007.04.20 13:40:10 | 000,873,216 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\3xHybr64.sys -- (3xHybr64)
DRV:64bit: - [2007.01.15 16:13:18 | 000,160,256 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmiucr_x64.SYS -- (CMIUCR)
DRV - [2011.05.11 18:24:22 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2208836425-1500219768-807306282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2208836425-1500219768-807306282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2208836425-1500219768-807306282-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {9935ef86-61cd-4f48-a057-ab2c5172031d}:2.6.2
FF - prefs.js..extensions.enabledItems: safariviewwin@systemantics.net:0.5.3
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}:5.3.2
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: pastebin.com@gmail.com:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ententeak\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ententeak\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.06.19 18:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.05.11 22:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.21 18:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.09 18:25:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.05.11 18:14:40 | 000,000,000 | ---D | M]

[2011.05.11 17:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Extensions
[2011.05.11 17:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011.07.15 21:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] (MultiSidebar) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{1c70e98e-bd0d-11db-8314-0800200c9a66}
[2011.06.01 15:25:52 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.06.22 18:34:50 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2011.05.11 17:59:53 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.05.11 17:59:53 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2011.05.11 17:59:53 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011.05.11 17:59:51 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\anycolor.pavlos256@gmail.com
[2011.05.11 17:59:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\engine@conduit.com
[2011.05.11 17:59:51 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\extension@virtusdesigns.com
[2011.05.12 15:38:28 | 000,000,000 | ---D | M] (LuckyBar) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\jid0-RZ1wv8WwA7CKjr2eJZV648uKiuE@jetpack
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\NPDyyno@dyyno.com
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] (Pastebin) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\pastebin.com@gmail.com
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\personas@christopher.beard
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] (Safari View Win) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\safariviewwin@systemantics.net
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\support@predictad.com
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\yyginstantplay@yoyogames.com
[2011.05.11 17:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\extension@virtusdesigns.com\defaults
[2011.05.11 17:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\extension@virtusdesigns.com\chrome
[2011.05.11 17:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011.07.16 08:53:41 | 000,001,018 | ---- | M] () -- C:\Users\Ententeak\AppData\Roaming\Mozilla\Firefox\Profiles\6nh6nwz6.default\searchplugins\facebook.xml
[2011.07.09 18:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.11 19:16:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.07.09 18:25:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\ENTENTEAK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6NH6NWZ6.DEFAULT\EXTENSIONS\{9935EF86-61CD-4F48-A057-AB2C5172031D}.XPI
() (No name found) -- C:\USERS\ENTENTEAK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6NH6NWZ6.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\ENTENTEAK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6NH6NWZ6.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\ENTENTEAK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6NH6NWZ6.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2011.06.21 18:38:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.07.16 10:04:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-2208836425-1500219768-807306282-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKU\S-1-5-21-2208836425-1500219768-807306282-1001..\Run: [Infium] C:\Program Files (x86)\QIP Infium\infium.exe ()
O4 - HKU\S-1-5-21-2208836425-1500219768-807306282-1001..\Run: [iTap] C:\Program Files (x86)\iTap mobile\iTap mobile\iTap.exe (HLW Software Development GmbH)
O4 - HKU\S-1-5-21-2208836425-1500219768-807306282-1001..\Run: [OscarEditor] C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe ()
O4 - HKU\S-1-5-21-2208836425-1500219768-807306282-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2208836425-1500219768-807306282-1003..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Ententeak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files (x86)\KWorld Multimedia\RC Utility\KWRCtl.exe ()
O4 - Startup: C:\Users\Ententeak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2208836425-1500219768-807306282-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2208836425-1500219768-807306282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2208836425-1500219768-807306282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2208836425-1500219768-807306282-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-2208836425-1500219768-807306282-1003 Winlogon: Shell - ("C:\Program Files\Aston2\Aston2.exe") - C:\Program Files\Aston2\Aston2.exe (Gladiators Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

ententeak
Visitor
Posts: 135
Joined: 05 Dec 2005 22:08

Re: very slowed-down internet

#14 Post by ententeak »

:idea: second half of the log:


========== Files/Folders - Created Within 7 Days ==========

[2011.07.16 10:55:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Ententeak\Desktop\OTL.exe
[2011.07.16 10:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.16 10:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.16 10:10:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.07.16 10:05:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.07.16 00:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.15 23:41:09 | 000,000,000 | ---D | C] -- C:\Users\Ententeak\Documents\SavedGames
[2011.07.15 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\Ententeak\AppData\Roaming\ZombieDriver
[2011.07.15 13:53:18 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.07.15 13:53:18 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.07.15 13:53:18 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.07.15 13:53:18 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.07.15 13:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.07.14 19:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.07.13 18:40:15 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.07.13 18:40:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 18:40:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 18:40:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 18:40:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 18:40:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 18:40:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 18:40:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 18:40:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 18:40:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 18:40:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 18:40:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 18:40:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 18:40:05 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.07.13 18:40:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.07.13 18:40:05 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.07.13 18:40:05 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.07.13 18:40:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.07.13 18:40:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.07.13 18:40:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.07.13 18:40:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.07.13 18:40:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.07.13 18:40:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.07.13 18:40:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.07.13 18:40:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.07.10 10:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.07.09 19:02:17 | 000,000,000 | ---D | C] -- C:\Users\Ententeak\AppData\Roaming\System
[2011.07.09 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ententeak\Documents\Universe Sandbox
[2011.07.09 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ententeak\AppData\Local\Universe Sandbox
[2011.07.09 19:02:13 | 000,000,000 | -HSD | C] -- C:\Users\Ententeak\AppData\Roaming\wyUpdate AU
[2011.07.09 18:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.07.09 18:25:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.07.09 18:25:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.07.09 18:25:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

========== Files - Modified Within 7 Days ==========

[2011.07.16 10:56:27 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.16 10:56:27 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.16 10:56:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Ententeak\Desktop\OTL.exe
[2011.07.16 10:53:22 | 001,585,934 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.16 10:53:22 | 000,669,660 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.07.16 10:53:22 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.16 10:53:22 | 000,141,292 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.07.16 10:53:22 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.16 10:52:03 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.16 10:48:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.16 10:48:42 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.16 10:04:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.07.15 23:39:55 | 001,564,220 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.15 13:53:18 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.07.15 13:53:18 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.07.15 13:53:18 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.07.15 13:53:18 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.07.15 06:35:20 | 000,002,421 | ---- | M] () -- C:\Users\Ententeak\Desktop\Google Chrome.lnk
[2011.07.14 19:11:54 | 004,996,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011.07.16 10:52:03 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.29 11:31:18 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011.06.15 19:39:05 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.05.31 00:18:54 | 000,000,132 | ---- | C] () -- C:\Users\Ententeak\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2011.05.30 08:56:15 | 001,564,220 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.26 22:06:56 | 000,074,265 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.17 13:09:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.05.12 00:22:43 | 000,156,748 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.05.11 22:26:39 | 000,011,718 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2011.05.11 22:26:37 | 000,580,096 | ---- | C] () -- C:\Windows\mHotkey.exe
[2011.05.11 22:26:37 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2011.05.11 22:26:37 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2011.05.11 17:58:37 | 000,008,319 | ---- | C] () -- C:\Windows\WINCMD.INI
[2011.05.11 17:58:37 | 000,003,940 | ---- | C] () -- C:\Windows\wcx_ftp.ini
[2011.05.11 17:41:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.04.17 21:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007.02.07 12:02:58 | 000,065,536 | ---- | C] () -- C:\Windows\cmiboot.exe
[2007.01.16 14:55:56 | 000,480,256 | ---- | C] () -- C:\Windows\CmUCREye_x64.exe

========== LOP Check ==========

[2011.06.23 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\.minecraft
[2011.05.11 19:47:06 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Aston2
[2011.06.20 23:22:37 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\AtomZombieData
[2011.05.17 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.05.11 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.05.17 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.07.16 10:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\DAEMON Tools Pro
[2011.05.12 18:57:49 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\DarksporeData
[2011.05.11 18:16:05 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\ESET
[2011.06.20 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\GridRunnerRev
[2011.05.30 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Hi-Rez Studios
[2011.05.11 21:55:26 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\KWorld Multimedia
[2011.05.22 17:59:28 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Lionhead Studios
[2011.06.29 11:31:18 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\PACE Anti-Piracy
[2011.05.11 18:17:27 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\QIP
[2011.06.29 11:32:25 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.07.09 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\System
[2011.06.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\TeamViewer
[2011.05.11 19:59:41 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\VitySoft
[2011.07.09 19:06:53 | 000,000,000 | -HSD | M] -- C:\Users\Ententeak\AppData\Roaming\wyUpdate AU
[2011.07.15 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\ZombieDriver
[2009.07.14 07:08:49 | 000,028,772 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"OscarEditor" = "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum -- [2011.02.11 10:39:28 | 003,357,696 | ---- | M] ()
"iTap" = C:\Program Files (x86)\iTap mobile\iTap mobile\iTap.exe -- [2010.11.23 22:42:24 | 005,910,528 | ---- | M] (HLW Software Development GmbH)
"Infium" = "C:\Program Files (x86)\QIP Infium\infium.exe" /autorun -- [2011.05.11 14:58:40 | 006,848,384 | ---- | M] ()

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.06.23 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\.minecraft
[2011.07.15 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Adobe
[2011.05.12 00:22:31 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Apple Computer
[2011.05.11 19:47:06 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Aston2
[2011.06.20 23:22:37 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\AtomZombieData
[2011.05.17 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.05.11 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.05.17 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.05.23 10:03:35 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Corel
[2011.07.16 10:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\DAEMON Tools Pro
[2011.05.12 18:57:49 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\DarksporeData
[2011.05.11 18:16:05 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\ESET
[2011.06.20 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\GridRunnerRev
[2011.05.15 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Help
[2011.05.30 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Hi-Rez Studios
[2011.05.11 17:10:51 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Identities
[2011.05.11 22:26:06 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\InstallShield
[2011.05.11 21:55:26 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\KWorld Multimedia
[2011.05.22 17:59:28 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Lionhead Studios
[2011.05.11 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Macromedia
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Media Center Programs
[2011.06.22 12:17:02 | 000,000,000 | --SD | M] -- C:\Users\Ententeak\AppData\Roaming\Microsoft
[2011.05.11 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Mozilla
[2011.05.20 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Nero
[2011.05.12 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\NVIDIA
[2011.06.29 11:31:18 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\PACE Anti-Piracy
[2011.05.22 13:14:59 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\PSpad
[2011.05.11 18:17:27 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\QIP
[2011.06.29 11:32:25 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.07.09 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\System
[2011.06.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\TeamViewer
[2011.05.11 19:59:41 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\VitySoft
[2011.07.16 10:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Winamp
[2011.05.11 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\WinRAR
[2011.06.03 13:22:01 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\WTablet
[2011.07.09 19:06:53 | 000,000,000 | -HSD | M] -- C:\Users\Ententeak\AppData\Roaming\wyUpdate AU
[2011.07.16 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\Xfire
[2011.07.15 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\Ententeak\AppData\Roaming\ZombieDriver

< %APPDATA%\*.exe /s >
[2011.05.23 00:53:45 | 019,626,862 | ---- | M] () -- C:\Users\Ententeak\AppData\Roaming\KWorld Multimedia\TiVme\Patch(190).exe
[2011.05.11 22:08:33 | 000,010,134 | R--- | M] () -- C:\Users\Ententeak\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2007.11.05 22:39:50 | 000,045,056 | ---- | M] (AMIS) -- C:\Users\Ententeak\AppData\Roaming\QIP\Profiles\ententeak.bkp\RcvdFiles\InfICQ_199611107\renamer.exe
[2008.03.13 20:43:00 | 001,098,299 | ---- | M] () -- C:\Users\Ententeak\AppData\Roaming\QIP\Profiles\ententeak.bkp\RcvdFiles\InfICQ_201879736\qip-extension.exe
[2008.02.16 19:37:10 | 009,544,173 | ---- | M] (Slovenský preklad) -- C:\Users\Ententeak\AppData\Roaming\QIP\Profiles\ententeak.bkp\RcvdFiles\slavek.cz_493810516\BR2_SK.exe
[2006.09.25 20:29:14 | 027,772,651 | ---- | M] () -- C:\Users\Ententeak\AppData\Roaming\QIP\Profiles\ententeak.bkp\RcvdFiles\slavek.cz_493810516\ElcomSoft Advanced Passsword Recovery Studio 2006\ElcomSoftStudio.exe
[2011.02.23 12:51:14 | 000,381,440 | ---- | M] () -- C:\Users\Ententeak\AppData\Roaming\QIP\Profiles\ententeak\RcvdFiles\pes502_216381272\MEOW.exe
[2011.04.24 23:08:17 | 000,083,456 | ---- | M] () -- C:\Users\Ententeak\AppData\Roaming\QIP\Profiles\ententeak\RcvdFiles\pes502_216381272\WindowsController.exe


[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010.11.20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011.03.11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011.03.11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011.03.11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011.04.25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010.11.20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.07.15 13:53:18 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\system32\OpenAL32.dll
[2011.07.15 23:39:55 | 001,564,220 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2011.07.15 13:53:18 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\system32\wrap_oal.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1262 bytes -> C:\ProgramData\Microsoft:LhSjscwpXYrAefMrN4
@Alternate Data Stream - 1238 bytes -> C:\ProgramData\Microsoft:XzylkITS2jYhXrcgWBQD02KT
@Alternate Data Stream - 1231 bytes -> C:\ProgramData\Microsoft:lyC47XGBlhRhBSnRe8qNp

< End of report >

ententeak
Visitor
Posts: 135
Joined: 05 Dec 2005 22:08

Re: internet heavily slowed down

#15 Post by ententeak »

:arrow: besides, thanks to Aston I don't use the desktop as such at all...

Locked