Please check my RSIT log

Posted: 04 Jan 2012 20:44
by svkjozef
Could you please check this for me? I am a complete amateur at this and am doing it for the first time. Could you please write how I should proceed from here? I am attaching the log from RSIT.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hadraba at 2012-01-04 20:36:33
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 112 GB (47%) free of 238 GB
Total RAM: 3955 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:36, on 4. 1. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Hadraba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [UpdateMes] C:\Users\Hadraba\AppData\Roaming\Updatem\d_update\zupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Služba ConfigFree WiMAX (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: Služba ConfigFree (ConfigFree Service) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11424 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 28391664
\??\C:\Windows\system32\conhost.exe "146228021-3422499861619023097-1695100252-1116942386-1689527788309053857369656007
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"taskhost.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2396
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\system32\svchost.exe -k HPService
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
taskeng.exe {21C52027-8B8F-4642-9DE5-0AABE2654BF9}
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4500 series#1321978486" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey FFEB3DA3-E4AA-662D-E2FC-AD884176C5B3 -Reinvoke
"D:\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{A4B07E49-6567-4FB8-8D39-01920E3B2357}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll [2010-10-26 217088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-04-23 595816]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-07-09 38304]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-07-28 2120808]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-09-28 566184]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-05-10 915320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2010-04-19 136136]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"UpdateMes"=C:\Users\Hadraba\AppData\Roaming\Updatem\d_update\zupdate.exe [2011-11-18 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe [2010-10-07 2721184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-11-11 288088]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-10-05 98304]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-03-03 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START []
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-05-01 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"facemoods"=C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe [2010-10-26 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-01-04 20:36:33 ----D---- C:\rsit
2012-01-04 20:36:33 ----D---- C:\Program Files\trend micro
2012-01-04 20:20:04 ----D---- C:\Windows\pss
2012-01-03 18:13:07 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-01-03 18:13:06 ----D---- C:\Program Files (x86)\facemoods.com
2012-01-03 18:12:25 ----D---- C:\Program Files (x86)\JDownloader
2012-01-03 17:43:40 ----D---- C:\Users\Hadraba\AppData\Roaming\VitySoft
2012-01-01 22:09:22 ----D---- C:\Program Files (x86)\Batman Arkham City
2012-01-01 18:23:18 ----D---- C:\Program Files (x86)\Call of Duty- Modern Warfare 3
2011-12-31 18:58:46 ----A---- C:\Windows\system32\shell32.dll
2011-12-31 18:58:41 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-12-31 12:46:20 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-12-31 12:46:20 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-12-31 12:46:20 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-12-31 12:46:20 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-12-31 12:46:19 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-12-31 12:46:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-12-31 12:46:19 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-12-31 12:46:19 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-12-31 12:46:18 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-12-31 12:46:17 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-12-31 12:46:17 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-12-31 12:46:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-12-31 12:46:16 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-12-31 12:46:11 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-12-31 12:46:11 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-12-31 12:46:09 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-12-31 12:46:09 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-12-31 12:46:06 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-12-31 12:46:06 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-12-31 12:46:05 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-12-31 12:46:05 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-12-31 12:46:05 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-12-31 12:46:04 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-12-31 12:46:04 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-12-31 12:46:03 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-12-31 12:46:03 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-12-31 12:46:02 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-12-31 12:46:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-12-31 12:46:02 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-12-31 12:46:02 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-12-31 12:46:00 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-12-31 12:45:58 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-12-31 12:45:58 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-12-31 12:45:58 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-12-31 12:45:58 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-12-31 12:45:58 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-12-31 12:45:58 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-12-31 12:45:57 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-12-31 12:45:57 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-12-31 12:45:56 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-12-31 12:45:56 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-12-31 12:45:56 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-12-31 12:45:56 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-12-31 12:45:55 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-12-31 12:45:55 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-12-31 12:45:54 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-12-31 12:45:54 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-12-31 12:45:54 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-12-31 12:45:54 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-12-31 12:45:52 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-12-31 12:45:52 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-12-31 12:45:51 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-12-31 12:45:51 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-12-31 12:45:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-12-31 12:45:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-12-31 12:45:50 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-12-31 12:45:50 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-12-31 12:45:49 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-12-31 12:45:49 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-12-31 12:45:48 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-12-31 12:45:48 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-12-31 12:45:48 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-12-31 12:45:48 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-12-31 12:45:46 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-12-31 12:45:46 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-12-31 12:45:45 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-12-31 12:45:45 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-12-31 12:45:44 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-12-31 12:45:44 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-12-31 12:45:43 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-12-31 12:45:43 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-12-31 12:45:41 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-12-31 12:45:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-12-31 12:45:41 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-12-31 12:45:41 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-12-31 12:45:39 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-12-31 12:45:39 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-12-31 12:45:39 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-12-31 12:45:39 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-12-31 12:45:37 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-12-31 12:45:37 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-12-31 12:45:37 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-12-31 12:45:37 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-12-31 12:45:34 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-12-31 12:45:34 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-12-31 12:45:33 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-12-31 12:45:33 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-12-31 12:45:31 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-12-31 12:45:31 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-12-31 12:45:31 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-12-31 12:45:31 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-12-31 12:45:29 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-12-31 12:45:28 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-12-31 12:45:28 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-12-31 12:45:28 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-12-31 12:45:28 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-12-31 12:45:26 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-12-31 12:45:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-12-31 12:45:26 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-12-31 12:45:26 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-12-31 12:45:24 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-12-31 12:45:24 ----A---- C:\Windows\system32\xinput1_3.dll
2011-12-31 12:45:24 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-12-31 12:45:23 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-12-31 12:45:23 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-12-31 12:45:21 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-12-31 12:45:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-12-31 12:45:21 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-12-31 12:45:21 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-12-31 12:45:18 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-12-31 12:45:18 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-12-31 12:45:17 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-12-31 12:45:17 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-12-31 12:45:16 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-12-31 12:45:16 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-12-31 12:45:15 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-12-31 12:45:15 ----A---- C:\Windows\system32\d3dx10.dll
2011-12-31 12:45:13 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-12-31 12:45:13 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-12-31 12:45:13 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-12-31 12:45:13 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-12-31 12:45:11 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-12-31 12:45:11 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-12-31 12:45:10 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-12-31 12:45:10 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-12-31 12:45:10 ----A---- C:\Windows\system32\xinput1_2.dll
2011-12-31 12:45:10 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-12-31 12:45:09 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-12-31 12:45:09 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-12-31 12:45:08 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-12-31 12:45:08 ----A---- C:\Windows\system32\xinput1_1.dll
2011-12-31 12:45:07 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-12-31 12:45:07 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-12-31 12:44:56 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-12-31 12:44:55 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-12-31 12:44:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-12-31 12:44:55 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-12-31 12:44:55 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-12-31 12:44:52 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-12-31 12:44:52 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-12-31 12:44:51 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-12-31 12:44:51 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-12-31 12:44:48 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-12-31 12:44:48 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-12-31 12:44:47 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-12-31 12:44:47 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-12-31 12:44:44 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-12-31 12:44:44 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-12-31 12:44:41 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-12-31 12:44:41 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-12-31 12:43:49 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-12-24 13:43:58 ----A---- C:\Windows\SYSWOW64\jit.dll
2011-12-24 13:43:58 ----A---- C:\Windows\SYSWOW64\javaee.dll
2011-12-24 13:43:58 ----A---- C:\Windows\SYSWOW64\dx3j.dll
2011-12-24 13:43:58 ----A---- C:\Windows\setdebug.exe
2011-12-24 13:43:58 ----A---- C:\Windows\jautoexp.dat
2011-12-24 13:43:56 ----D---- C:\Windows\Java
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\wjview.exe
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\vmhelper.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\msjdbc10.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\msjava.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\msawt.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\jview.exe
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\jdbgmgr.exe
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\javart.dll
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\javaprxy.dll
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\javacypt.dll
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\clspack.exe
2011-12-24 11:49:07 ----D---- C:\ProgramData\ESET
2011-12-24 11:49:07 ----D---- C:\Program Files\ESET
2011-12-14 16:58:29 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 16:58:03 ----A---- C:\Windows\system32\mshtml.dll
2011-12-14 16:58:02 ----A---- C:\Windows\system32\wininet.dll
2011-12-14 16:58:01 ----A---- C:\Windows\system32\ieframe.dll
2011-12-14 16:57:58 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-14 16:57:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-14 16:57:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-14 16:57:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-14 16:57:54 ----A---- C:\Windows\system32\urlmon.dll
2011-12-14 16:57:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-14 16:57:53 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-14 16:57:53 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-14 16:57:53 ----A---- C:\Windows\system32\ieui.dll
2011-12-14 16:57:53 ----A---- C:\Windows\system32\iertutil.dll
2011-12-14 16:57:52 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-14 16:57:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-14 16:57:52 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-14 16:57:51 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-14 16:57:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-14 16:57:51 ----A---- C:\Windows\system32\url.dll
2011-12-14 16:57:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-14 16:57:13 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 16:57:11 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-14 16:57:11 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 16:57:00 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-14 16:57:00 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 month======

2012-01-04 20:36:59 ----D---- C:\Windows\Temp
2012-01-04 20:36:33 ----RD---- C:\Program Files
2012-01-04 20:20:04 ----D---- C:\Windows
2012-01-04 19:40:40 ----D---- C:\Windows\system32\config
2012-01-04 19:28:50 ----A---- C:\Windows\SYSWOW64\log.txt
2012-01-03 18:13:07 ----RD---- C:\Program Files (x86)
2012-01-02 19:06:30 ----SHD---- C:\Windows\Installer
2012-01-02 19:06:23 ----HD---- C:\Config.Msi
2012-01-02 19:06:22 ----D---- C:\Windows\SysWOW64
2012-01-02 19:06:22 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-02 07:23:58 ----D---- C:\Windows\System32
2012-01-02 07:23:58 ----D---- C:\Windows\inf
2012-01-02 07:23:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-01 15:58:58 ----D---- C:\Windows\system32\Tasks
2012-01-01 13:52:56 ----D---- C:\Program Files (x86)\Common Files
2012-01-01 13:52:37 ----SHD---- C:\System Volume Information
2012-01-01 13:51:51 ----D---- C:\Windows\SYSWOW64\drivers
2012-01-01 13:43:09 ----D---- C:\Windows\system32\catroot2
2011-12-31 21:52:12 ----D---- C:\Windows\Microsoft.NET
2011-12-31 21:51:51 ----RSD---- C:\Windows\assembly
2011-12-31 21:43:10 ----D---- C:\Windows\winsxs
2011-12-31 19:04:48 ----D---- C:\Windows\system32\drivers
2011-12-31 19:04:46 ----D---- C:\Windows\system32\catroot
2011-12-31 19:04:45 ----D---- C:\Windows\system32\DriverStore
2011-12-31 19:03:59 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-12-31 12:26:39 ----D---- C:\Program Files (x86)\Quadriga Games
2011-12-30 22:14:48 ----D---- C:\Users\Hadraba\AppData\Roaming\ProtectDISC
2011-12-24 13:44:05 ----D---- C:\Windows\Help
2011-12-24 11:49:07 ----HD---- C:\ProgramData
2011-12-24 11:44:52 ----D---- C:\Windows\Prefetch
2011-12-24 11:42:20 ----D---- C:\Program Files (x86)\Opera
2011-12-15 16:27:41 ----D---- C:\Windows\SYSWOW64\migration
2011-12-15 16:27:41 ----D---- C:\Program Files\Internet Explorer
2011-12-15 16:27:41 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-15 16:27:40 ----D---- C:\Windows\system32\migration
2011-12-14 23:00:07 ----A---- C:\Windows\system32\MRT.exe
2011-12-14 22:59:19 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-12-14 22:59:19 ----D---- C:\Windows\system32\sk-SK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-15 254528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 81768]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-05 7884288]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-05 285696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-11-05 2637824]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\Windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2010-12-29 20592]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-06-14 296448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-07 232992]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2010-04-07 214248]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 50664]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 94336]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2010-04-26 63488]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2010-05-13 59704]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-05 203264]
R2 cfWiMAXService;Služba ConfigFree WiMAX; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;Služba ConfigFree; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-03 268824]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-06-19 189248]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-04-12 196976]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: Please check my RSIT log

Posted: 04 Jan 2012 20:45
by svkjozef
This also showed up for me in the second sheet:

nfo.txt logfile of random's system information tool 1.09 2012-01-04 20:37:38

======Uninstall list======

-->C:\Program Files\TOSHIBA\TVAP\setup.exe
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{922E8525-AC7E-4294-ACAA-43712D4423C0}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin
Adobe Reader 9.4.7 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A94000000001}
Atheros Bluetooth Filter Driver Package-->MsiExec.exe /X{65486209-5C54-439C-8383-8AC9BBE25932}
Atheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -l0x0409
ATI Catalyst Install Manager-->msiexec /q/x{A92CF2B1-6B11-49CE-66E4-0140C7F5784A} REBOOT=ReallySuppress
Batman Arkham City version 1.0-->"C:\Program Files (x86)\Batman Arkham City\unins000.exe"
Bing Bar-->C:\Program Files (x86)\Bing Bar Installer\InstallManager.exe /UNINSTALL
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Catalyst Control Center - Branding-->MsiExec.exe /I{7AC3D68A-39E1-421D-8E7E-7071A6C6EFD0}
COWON Media Center - jetAudio Basic VX-->"C:\Program Files (x86)\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -runfromtemp -l0x0409 -removeonly
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->D:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Doplnok programu Messenger-->MsiExec.exe /I{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}
DWG TrueView 2012-->D:\Program Files\Autodesk\DWG TrueView 2012\Setup\Setup.exe /P {5783F2D7-A028-0409-0100-0060B0CE6BBA} /M AOEM /language en-US
Emergency 2012-->"C:\Program Files (x86)\Quadriga Games\Emergency 2012\uninstall.exe"
Facemoods Toolbar-->"C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe"
Farm Frenzy 3-->"C:\Program Files (x86)\Farm Frenzy 3\ReflexiveArcade\unins000.exe"
HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6-->C:\Program Files (x86)\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpzscr40.exe -datfile hposcr46.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files (x86)\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.5-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
James Bond 007(TM) - Blood Stone-->"C:\Program Files (x86)\InstallShield Installation Information\{8A56A332-F833-45CF-9A20-6F3524054843}\setup.exe" -runfromtemp -l0x0409 -removeonly
James Bond 007(TM) - Blood Stone-->MsiExec.exe /X{8A56A332-F833-45CF-9A20-6F3524054843}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JDownloader 0.9-->C:\Program Files (x86)\JDownloader\JDUninstall.exe
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Default Manager-->MsiExec.exe /X{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Native Client-->MsiExec.exe /I{6E740973-8E71-42F9-A910-C18452E60450}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{50822200-2E95-4E62-A8D8-41C3B308DF5E}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
OpenOffice.org 3.2-->MsiExec.exe /I{28B94253-5729-4C30-8DE4-F2A0A63149B0}
Opera 11.60-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
Photo Service - powered by myphotobook-->msiexec /qb /x {3D047C6C-19EE-46E3-C14B-9FA84260DF9B}
Photo Service - powered by myphotobook-->MsiExec.exe /I{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\Setup.exe" -runfromtemp -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Switch Sound File Converter-->C:\Program Files (x86)\NCH Swift Sound\Switch\uninst.exe
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -l0x001b -removeonly
TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{C14518AF-1A0F-4D39-8011-69BAA01CD380}\setup.exe" -runfromtemp -l0x041b -removeonly
TOSHIBA Bulletin Board-->MsiExec.exe /X{C14518AF-1A0F-4D39-8011-69BAA01CD380}
TOSHIBA ConfigFree-->MsiExec.exe /X{E0FAA369-B0E3-48B8-9447-4873103B0012}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x041b -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}
TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x041b
TOSHIBA Flash Cards Support Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{620BBA5E-F848-4D56-8BDA-584E44584C5E}\setup.exe" -runfromtemp -l0x041b -removeonly
TOSHIBA Hardware Setup-->"C:\Program Files (x86)\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\setup.exe" -runfromtemp -l0x041b -removeonly
TOSHIBA Hardware Setup-->MsiExec.exe /I{5279374D-87FE-4879-9385-F17278EBB9D3}
TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x041b
TOSHIBA HDD/SSD Alert-->C:\Program Files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x041b
TOSHIBA Heslo správcu-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x041b -removeonly
Toshiba Manuals-->"C:\Program Files (x86)\InstallShield Installation Information\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}\setup.exe" -runfromtemp -l0x001b -removeonly
TOSHIBA Media Controller Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}
TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}\setup.exe -runfromtemp -l0x001b -removeonly
TOSHIBA Online Product Information-->C:\Program Files (x86)\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Recovery Media Creator Reminder-->C:\Program Files (x86)\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x041b
TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x041b -removeonly
TOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C}
TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x001b -removeonly
TOSHIBA Supervisor Password-->"C:\Program Files (x86)\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x041b
Toshiba TEMPRO-->MsiExec.exe /X{DBB7021A-3437-446F-ACE5-7261644A972C}
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA Web Camera Application-->C:\Program Files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x001b -removeonly
TRORMCLauncher-->C:\Program Files (x86)\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x041b
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Utility Common Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Utility Common Driver-->MsiExec.exe /I{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
VLC media player 1.1.9-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display (10/05/2010 8.783.0.0000)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst64.exe /u C:\Windows\System32\DriverStore\FileRepository\c7107404.inf_amd64_neutral_6e326a4d9244b030\c7107404.inf
Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display (10/05/2010 8.783.0.0000)-->C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst64.exe /u C:\Windows\System32\DriverStore\FileRepository\ch107404.inf_amd64_neutral_febf39318398b79f\ch107404.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live Mesh-->MsiExec.exe /I{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live Remote Client Resources-->MsiExec.exe /I{5F44A3A1-5D24-4708-8776-66B42B174C64}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{02C0A02E-AB30-446C-B4C3-A03310D95F53}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
WinRAR 4.01 (64-bit)-->D:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Hadraba-TOSH
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 185243
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111116231609.025636-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Hadraba-TOSH
Event Code: 1014
Message: Name resolution for the name exp01.eset.com timed out after none of the configured DNS servers responded.
Record Number: 184898
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111116190450.703858-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Hadraba-TOSH
Event Code: 7000
Message: Spustenie služby Hardlock zlyhalo kvôli nasledujúcej chybe:
Systém Windows nemôže overiť digitálny podpis pre tento súbor. Pri poslednej zmene hardvérovej alebo softvérovej konfigurácie sa mohol nainštalovať súbor, ktorý je nesprávne podpísaný alebo poškodený, alebo to môže byť škodlivý softvér z neznámeho zdroja.
Record Number: 184866
Source Name: Service Control Manager
Time Written: 20111116190249.365644-000
Event Type: Error
User:

Computer Name: Hadraba-TOSH
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.

Record Number: 184812
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20111114220100.265293-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Hadraba-TOSH
Event Code: 10002
Message: Modul WLAN Extensibility Module sa zastavil.

Cesta k modulu: C:\Windows\system32\athihvs.dll

Record Number: 184811
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20111114220100.249693-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Hadraba-TOSH
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 1496
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110614175857.046283-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Hadraba-TOSH
Event Code: 3036
Message: The content source <file:C:/ProgramData/Microsoft/Windows/Start Menu/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
Prístup je odmietnutý. Skontrolujte správnosť predvoleného konta na prístup k obsahu v rámci centrálnej správy služby Windows Search alebo kliknite na prepojenie Vylúčiť a zahrnúť obsah a pridajte pravidlo na zadanie správneho konta na prehľadávanie obsahu na prístup k tejto adrese URL. (HRESULT : 0x80041205) (0x80041205)

Record Number: 1492
Source Name: Microsoft-Windows-Search
Time Written: 20110614175749.000000-000
Event Type: Warning
User:

Computer Name: Hadraba-TOSH
Event Code: 3036
Message: The content source <file:C:/ProgramData/Microsoft/Windows/Start Menu/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
Prístup je odmietnutý. Skontrolujte správnosť predvoleného konta na prístup k obsahu v rámci centrálnej správy služby Windows Search alebo kliknite na prepojenie Vylúčiť a zahrnúť obsah a pridajte pravidlo na zadanie správneho konta na prehľadávanie obsahu na prístup k tejto adrese URL. (HRESULT : 0x80041205) (0x80041205)

Record Number: 1491
Source Name: Microsoft-Windows-Search
Time Written: 20110614175737.000000-000
Event Type: Warning
User:

Computer Name: Hadraba-TOSH
Event Code: 3036
Message: The content source <file:C:/Users/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
Prístup je odmietnutý. Skontrolujte správnosť predvoleného konta na prístup k obsahu v rámci centrálnej správy služby Windows Search alebo kliknite na prepojenie Vylúčiť a zahrnúť obsah a pridajte pravidlo na zadanie správneho konta na prehľadávanie obsahu na prístup k tejto adrese URL. (HRESULT : 0x80041205) (0x80041205)

Record Number: 1490
Source Name: Microsoft-Windows-Search
Time Written: 20110614175736.000000-000
Event Type: Warning
User:

Computer Name: Hadraba-TOSH
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 1480
Source Name: Microsoft-Windows-Search
Time Written: 20110614175659.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: WIN-7FFQJU29QVP
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-7FFQJU29QVP$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1069
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101229082734.488992-000
Event Type: Audit Success
User:

Computer Name: WIN-7FFQJU29QVP
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1068
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101229082732.726189-000
Event Type: Audit Success
User:

Computer Name: WIN-7FFQJU29QVP
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-7FFQJU29QVP$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1067
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101229082732.726189-000
Event Type: Audit Success
User:

Computer Name: WIN-7FFQJU29QVP
Event Code: 4738
Message: A user account was changed.

Subject:
Security ID: S-1-5-21-1468538067-935279711-713652950-500
Account Name: Administrator
Account Domain: WIN-7FFQJU29QVP
Logon ID: 0x4c6a1

Target Account:
Security ID: S-1-5-21-1468538067-935279711-713652950-500
Account Name: Administrator
Account Domain: WIN-7FFQJU29QVP

Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: 0x211
New UAC Value: 0x211
User Account Control: -
User Parameters: -
SID History: -
Logon Hours: -

Additional Information:
Privileges: -
Record Number: 1066
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101229082730.760585-000
Event Type: Audit Success
User:

Computer Name: WIN-7FFQJU29QVP
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1468538067-935279711-713652950-500
Account Name: Administrator
Domain Name: WIN-7FFQJU29QVP
Logon ID: 0x4c6a1
Record Number: 1065
Source Name: Microsoft-Windows-Eventlog
Time Written: 20101229082720.542567-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=2505

-----------------EOF-----------------

Re: Please check my RSIT log

Posted: 04 Jan 2012 22:43
by Roli
Hello, fix these in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
O4 - HKCU\..\Run: [UpdateMes] C:\Users\Hadraba\AppData\Roaming\Updatem\d_update\zupdate.exe


You will find HJT here:

C:\Program Files\trend micro\Hadraba.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then click Fix checked, which is at the bottom left,

the program will ask whether you really want to; you of course confirm with YES, and it's done.


Delete unneeded files

using CCleaner

instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!

Re: Please check my RSIT log

Posted: 04 Jan 2012 23:24
by svkjozef
I'm sending the log from mbam and it looks good, nothing was found

4. 1. 2012 23:19:48
mbam-log-2012-01-04 (23-19-48).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 174583
Uplynutý čas: 3 min, 16 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

Re: Please check my RSIT log

Posted: 05 Jan 2012 22:20
by Roli
Also post a current log.txt from Rsit here; I'll look at what mess is still left there.

Re: Please check my RSIT log

Posted: 06 Jan 2012 08:19
by svkjozef
here it is

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:31, on 6. 1. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Hadraba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Služba ConfigFree WiMAX (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: Služba ConfigFree (ConfigFree Service) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10687 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 3536352
\??\C:\Windows\system32\conhost.exe "-1385845613395507518-12055360667407823051223045537-888805939-10306086851893058099
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrB.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 3212
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
taskeng.exe {98D27D8E-42F6-4942-90AF-DE09ADDC6FE9}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
C:\Windows\splwow64.exe 8192
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Opera\opera.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"D:\Downloads\RSITx64.exe"
"C:\Windows\system32\wuauclt.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-04-23 595816]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-07-09 38304]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-07-28 2120808]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-09-28 566184]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-05-10 915320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2010-04-19 136136]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe [2011-06-15 240288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe [2010-10-07 2721184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-11-11 288088]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-10-05 98304]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-03-03 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-05-01 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2012-01-04 23:09:36 ----D---- C:\Users\Hadraba\AppData\Roaming\Malwarebytes
2012-01-04 23:09:30 ----D---- C:\ProgramData\Malwarebytes
2012-01-04 23:09:28 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-04 23:09:28 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-01-04 20:48:21 ----D---- C:\Program Files\CCleaner
2012-01-04 20:36:33 ----D---- C:\rsit
2012-01-04 20:36:33 ----D---- C:\Program Files\trend micro
2012-01-04 20:20:04 ----D---- C:\Windows\pss
2012-01-03 18:13:07 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-01-03 18:12:25 ----D---- C:\Program Files (x86)\JDownloader
2012-01-03 17:43:40 ----D---- C:\Users\Hadraba\AppData\Roaming\VitySoft
2012-01-01 22:09:22 ----D---- C:\Program Files (x86)\Batman Arkham City
2012-01-01 18:23:18 ----D---- C:\Program Files (x86)\Call of Duty- Modern Warfare 3
2011-12-31 18:58:46 ----A---- C:\Windows\system32\shell32.dll
2011-12-31 18:58:41 ----A---- C:\Windows\SYSWOW64\shell32.dll
2011-12-31 12:46:20 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-12-31 12:46:20 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-12-31 12:46:20 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-12-31 12:46:20 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-12-31 12:46:19 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-12-31 12:46:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-12-31 12:46:19 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-12-31 12:46:19 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-12-31 12:46:18 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-12-31 12:46:17 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-12-31 12:46:17 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-12-31 12:46:16 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-12-31 12:46:16 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-12-31 12:46:13 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-12-31 12:46:11 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-12-31 12:46:11 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-12-31 12:46:09 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-12-31 12:46:09 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-12-31 12:46:06 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-12-31 12:46:06 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-12-31 12:46:05 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-12-31 12:46:05 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-12-31 12:46:05 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-12-31 12:46:04 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-12-31 12:46:04 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-12-31 12:46:03 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-12-31 12:46:03 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-12-31 12:46:02 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-12-31 12:46:02 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-12-31 12:46:02 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-12-31 12:46:02 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-12-31 12:46:00 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-12-31 12:45:58 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-12-31 12:45:58 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-12-31 12:45:58 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-12-31 12:45:58 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-12-31 12:45:58 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-12-31 12:45:58 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-12-31 12:45:57 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-12-31 12:45:57 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-12-31 12:45:56 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-12-31 12:45:56 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-12-31 12:45:56 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-12-31 12:45:56 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-12-31 12:45:55 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-12-31 12:45:55 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-12-31 12:45:54 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-12-31 12:45:54 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-12-31 12:45:54 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-12-31 12:45:54 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-12-31 12:45:52 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-12-31 12:45:52 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-12-31 12:45:51 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-12-31 12:45:51 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-12-31 12:45:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-12-31 12:45:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-12-31 12:45:50 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-12-31 12:45:50 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-12-31 12:45:49 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-12-31 12:45:49 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-12-31 12:45:48 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-12-31 12:45:48 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-12-31 12:45:48 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-12-31 12:45:48 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-12-31 12:45:46 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-12-31 12:45:46 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-12-31 12:45:45 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-12-31 12:45:45 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-12-31 12:45:44 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-12-31 12:45:44 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-12-31 12:45:43 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-12-31 12:45:43 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-12-31 12:45:41 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-12-31 12:45:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-12-31 12:45:41 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-12-31 12:45:41 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-12-31 12:45:39 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-12-31 12:45:39 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-12-31 12:45:39 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-12-31 12:45:39 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-12-31 12:45:37 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-12-31 12:45:37 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-12-31 12:45:37 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-12-31 12:45:37 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-12-31 12:45:34 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-12-31 12:45:34 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-12-31 12:45:33 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-12-31 12:45:33 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-12-31 12:45:31 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-12-31 12:45:31 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-12-31 12:45:31 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-12-31 12:45:31 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-12-31 12:45:29 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-12-31 12:45:28 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-12-31 12:45:28 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-12-31 12:45:28 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-12-31 12:45:28 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-12-31 12:45:26 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-12-31 12:45:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-12-31 12:45:26 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-12-31 12:45:26 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-12-31 12:45:24 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-12-31 12:45:24 ----A---- C:\Windows\system32\xinput1_3.dll
2011-12-31 12:45:24 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-12-31 12:45:23 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-12-31 12:45:23 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-12-31 12:45:21 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-12-31 12:45:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-12-31 12:45:21 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-12-31 12:45:21 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-12-31 12:45:18 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-12-31 12:45:18 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-12-31 12:45:17 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-12-31 12:45:17 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-12-31 12:45:16 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-12-31 12:45:16 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-12-31 12:45:15 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-12-31 12:45:15 ----A---- C:\Windows\system32\d3dx10.dll
2011-12-31 12:45:13 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-12-31 12:45:13 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-12-31 12:45:13 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-12-31 12:45:13 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-12-31 12:45:11 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-12-31 12:45:11 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-12-31 12:45:10 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-12-31 12:45:10 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-12-31 12:45:10 ----A---- C:\Windows\system32\xinput1_2.dll
2011-12-31 12:45:10 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-12-31 12:45:09 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-12-31 12:45:09 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-12-31 12:45:08 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-12-31 12:45:08 ----A---- C:\Windows\system32\xinput1_1.dll
2011-12-31 12:45:07 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-12-31 12:45:07 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-12-31 12:44:56 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-12-31 12:44:55 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-12-31 12:44:55 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-12-31 12:44:55 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-12-31 12:44:55 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-12-31 12:44:52 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-12-31 12:44:52 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-12-31 12:44:51 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-12-31 12:44:51 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-12-31 12:44:48 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-12-31 12:44:48 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-12-31 12:44:47 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-12-31 12:44:47 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-12-31 12:44:44 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-12-31 12:44:44 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-12-31 12:44:41 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-12-31 12:44:41 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-12-31 12:43:49 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-12-24 13:43:58 ----A---- C:\Windows\SYSWOW64\jit.dll
2011-12-24 13:43:58 ----A---- C:\Windows\SYSWOW64\javaee.dll
2011-12-24 13:43:58 ----A---- C:\Windows\SYSWOW64\dx3j.dll
2011-12-24 13:43:58 ----A---- C:\Windows\setdebug.exe
2011-12-24 13:43:58 ----A---- C:\Windows\jautoexp.dat
2011-12-24 13:43:56 ----D---- C:\Windows\Java
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\wjview.exe
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\vmhelper.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\msjdbc10.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\msjava.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\msawt.dll
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\jview.exe
2011-12-24 13:43:55 ----A---- C:\Windows\SYSWOW64\jdbgmgr.exe
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\javart.dll
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\javaprxy.dll
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\javacypt.dll
2011-12-24 13:43:54 ----A---- C:\Windows\SYSWOW64\clspack.exe
2011-12-24 11:49:07 ----D---- C:\ProgramData\ESET
2011-12-24 11:49:07 ----D---- C:\Program Files\ESET
2011-12-14 16:58:29 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 16:58:03 ----A---- C:\Windows\system32\mshtml.dll
2011-12-14 16:58:02 ----A---- C:\Windows\system32\wininet.dll
2011-12-14 16:58:01 ----A---- C:\Windows\system32\ieframe.dll
2011-12-14 16:57:58 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-14 16:57:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-14 16:57:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-14 16:57:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-14 16:57:54 ----A---- C:\Windows\system32\urlmon.dll
2011-12-14 16:57:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-14 16:57:53 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-14 16:57:53 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-14 16:57:53 ----A---- C:\Windows\system32\ieui.dll
2011-12-14 16:57:53 ----A---- C:\Windows\system32\iertutil.dll
2011-12-14 16:57:52 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-14 16:57:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-14 16:57:52 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-14 16:57:51 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-14 16:57:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-14 16:57:51 ----A---- C:\Windows\system32\url.dll
2011-12-14 16:57:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-14 16:57:13 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 16:57:11 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-14 16:57:11 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 16:57:00 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-14 16:57:00 ----A---- C:\Windows\system32\tzres.dll
2011-11-22 17:15:06 ----D---- C:\Users\Hadraba\AppData\Roaming\HP
2011-11-22 17:15:06 ----D---- C:\ProgramData\WEBREG
2011-11-22 17:09:28 ----D---- C:\ProgramData\HP Product Assistant
2011-11-22 17:04:26 ----A---- C:\Windows\system32\hpzids40.dll
2011-11-22 17:04:22 ----A---- C:\Windows\system32\hpf3l70w.dll
2011-11-22 17:04:20 ----A---- C:\Windows\system32\hppldcoi.dll
2011-11-22 17:04:20 ----A---- C:\Windows\system32\hposwia_d02d.dll
2011-11-22 17:04:20 ----A---- C:\Windows\system32\hpost_d02d.dll
2011-11-22 17:04:20 ----A---- C:\Windows\system32\hposc_d02a.dll
2011-11-22 17:03:44 ----HD---- C:\Config.Msi
2011-11-22 17:03:07 ----D---- C:\Program Files (x86)\HP
2011-11-22 17:00:59 ----D---- C:\Program Files\HP
2011-11-22 16:56:22 ----A---- C:\Windows\hpoins46.dat
2011-11-22 16:55:39 ----D---- C:\ProgramData\HP
2011-11-19 00:46:16 ----D---- C:\Users\Hadraba\AppData\Roaming\Mozilla
2011-11-09 11:42:56 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-08 19:36:07 ----D---- C:\FordEcat
2011-11-08 11:50:37 ----D---- C:\Windows\PCHEALTH
2011-11-08 11:50:22 ----D---- C:\Program Files\Microsoft SQL Server
2011-11-08 11:50:13 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2011-11-01 08:53:22 ----D---- C:\Users\Hadraba\AppData\Roaming\ESET
2011-10-16 21:21:54 ----D---- C:\ProgramData\FarmFrenzy3
2011-10-16 21:20:48 ----D---- C:\Program Files (x86)\Farm Frenzy 3
2011-10-16 21:20:31 ----D---- C:\Program Files (x86)\ReflexiveArcade
2011-10-12 17:53:27 ----SHD---- C:\ProgramData\DSS
2011-10-12 16:35:10 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-12 16:35:10 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 16:34:21 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 16:34:20 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-12 16:34:19 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-12 16:34:18 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-08 18:14:09 ----D---- C:\medicina
2011-10-08 18:12:27 ----A---- C:\Windows\system32\drivers\hardlock.sys
2011-10-08 17:59:20 ----N---- C:\Windows\SYSWOW64\textexpt.dll
2011-10-08 17:59:19 ----N---- C:\Windows\SYSWOW64\rtfexpt.dll
2011-10-08 17:59:19 ----N---- C:\Windows\SYSWOW64\pdfexpt.dll
2011-10-08 17:59:19 ----N---- C:\Windows\SYSWOW64\htmlexpt.dll
2011-10-08 17:59:18 ----N---- C:\Windows\SYSWOW64\exclexpt.dll
2011-10-08 17:59:17 ----N---- C:\Windows\SYSWOW64\ActRpt.dll
2011-10-08 17:59:16 ----N---- C:\Windows\SYSWOW64\ROBOEX32.DLL
2011-10-08 17:59:16 ----N---- C:\Windows\SYSWOW64\msxml3a.dll
2011-10-08 17:59:16 ----N---- C:\Windows\SYSWOW64\MHENCD32.DLL
2011-10-08 17:59:16 ----N---- C:\Windows\SYSWOW64\INETWH32.DLL
2011-10-08 17:59:16 ----N---- C:\Windows\SYSWOW64\INETWH16.DLL
2011-10-08 17:59:16 ----N---- C:\Windows\SYSWOW64\diCryptoSys.dll
2011-10-08 17:59:16 ----N---- C:\Windows\SYSWOW64\CSICMP32.DLL
2011-10-08 17:58:59 ----N---- C:\Windows\SYSWOW64\VB5DB.DLL

======List of files/folders modified in the last 3 months======

2012-01-06 08:15:29 ----D---- C:\Windows\Temp
2012-01-06 08:14:56 ----D---- C:\Windows\system32\config
2012-01-06 08:11:07 ----A---- C:\Windows\SYSWOW64\log.txt
2012-01-05 19:01:33 ----D---- C:\Windows\System32
2012-01-05 19:01:33 ----D---- C:\Windows\inf
2012-01-05 19:01:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-05 17:31:19 ----D---- C:\Windows
2012-01-04 23:09:30 ----HD---- C:\ProgramData
2012-01-04 23:09:28 ----RD---- C:\Program Files (x86)
2012-01-04 23:09:28 ----D---- C:\Windows\system32\drivers
2012-01-04 20:54:23 ----D---- C:\Users\Hadraba\AppData\Roaming\DAEMON Tools Lite
2012-01-04 20:54:10 ----D---- C:\Windows\Panther
2012-01-04 20:54:09 ----D---- C:\Windows\Logs
2012-01-04 20:54:09 ----D---- C:\Windows\debug
2012-01-04 20:48:21 ----RD---- C:\Program Files
2012-01-02 19:06:30 ----SHD---- C:\Windows\Installer
2012-01-02 19:06:22 ----D---- C:\Windows\SysWOW64
2012-01-02 19:06:22 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-01-01 15:58:58 ----D---- C:\Windows\system32\Tasks
2012-01-01 13:52:56 ----D---- C:\Program Files (x86)\Common Files
2012-01-01 13:52:37 ----SHD---- C:\System Volume Information
2012-01-01 13:51:51 ----D---- C:\Windows\SYSWOW64\drivers
2012-01-01 13:43:09 ----D---- C:\Windows\system32\catroot2
2011-12-31 21:52:12 ----D---- C:\Windows\Microsoft.NET
2011-12-31 21:51:51 ----RSD---- C:\Windows\assembly
2011-12-31 21:43:10 ----D---- C:\Windows\winsxs
2011-12-31 19:04:46 ----D---- C:\Windows\system32\catroot
2011-12-31 19:04:45 ----D---- C:\Windows\system32\DriverStore
2011-12-31 19:03:59 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-12-31 12:26:39 ----D---- C:\Program Files (x86)\Quadriga Games
2011-12-30 22:14:48 ----D---- C:\Users\Hadraba\AppData\Roaming\ProtectDISC
2011-12-24 13:44:05 ----D---- C:\Windows\Help
2011-12-24 11:44:52 ----D---- C:\Windows\Prefetch
2011-12-24 11:42:20 ----D---- C:\Program Files (x86)\Opera
2011-12-15 16:27:41 ----D---- C:\Windows\SYSWOW64\migration
2011-12-15 16:27:41 ----D---- C:\Program Files\Internet Explorer
2011-12-15 16:27:41 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-15 16:27:40 ----D---- C:\Windows\system32\migration
2011-12-14 23:00:07 ----A---- C:\Windows\system32\MRT.exe
2011-12-14 22:59:19 ----D---- C:\Windows\SYSWOW64\sk-SK
2011-12-14 22:59:19 ----D---- C:\Windows\system32\sk-SK
2011-11-23 22:42:59 ----D---- C:\Users\Hadraba\AppData\Roaming\vlc
2011-11-22 17:14:46 ----A---- C:\Windows\win.ini
2011-11-22 17:13:27 ----D---- C:\Windows\twain_32
2011-11-22 17:09:39 ----RSD---- C:\Windows\Fonts
2011-11-19 22:09:49 ----SD---- C:\Users\Hadraba\AppData\Roaming\Microsoft
2011-11-18 17:22:42 ----D---- C:\Users\Hadraba\AppData\Roaming\Updatem
2011-11-09 18:49:39 ----D---- C:\Program Files\Common Files\System
2011-11-08 19:41:27 ----D---- C:\Windows\registration
2011-11-08 16:18:46 ----D---- C:\Windows\Tasks
2011-11-08 16:18:46 ----D---- C:\Windows\system32\wfp
2011-11-08 16:18:41 ----D---- C:\Windows\system32\wbem
2011-11-08 16:17:55 ----D---- C:\Windows\system32\Msdtc
2011-10-28 15:29:37 ----D---- C:\Users\Hadraba\AppData\Roaming\Opera
2011-10-12 22:09:50 ----D---- C:\Windows\ehome
2011-10-12 22:09:38 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-11 23:07:18 ----D---- C:\Windows\LiveKernelReports
2011-10-08 18:12:25 ----D---- C:\Windows\system32\Setup
2011-10-08 17:58:52 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-15 254528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 81768]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-05 7884288]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-05 285696]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-11-05 2637824]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\Windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2010-12-29 20592]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-06-14 296448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-07 232992]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2010-04-07 214248]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 50664]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 94336]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2010-04-26 63488]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2010-05-13 59704]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-05 203264]
R2 cfWiMAXService;Služba ConfigFree WiMAX; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;Služba ConfigFree; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-03 268824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-06-19 189248]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-04-12 196976]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184

Re: please check my RSIT log

Posted: 06 Jan 2012 22:48
by Roli
Before we continue, this:

C:\Users\Hadraba\AppData\Roaming\Updatem\d_update\zupdate.exe

test it on VIRUSTOTAL

(once the page has loaded, click the Browse button, navigate to the file mentioned above and click the Send file button

it takes about ten minutes; then copy the link here for me, that is the line at the top of the browser)

If it tells you that the file has already been tested, have it tested again.

Re: please check my RSIT log

Posted: 07 Jan 2012 11:04
by svkjozef

Re: please check my RSIT log

Posted: 07 Jan 2012 22:32
by Roli
Also fix this in HJT:

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin

I have already written how to do that.


Download and run OTMoveIt

copy this text into the application's left pane, under Paste Instructions for Items to be Moved:

Code:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files (x86)\facemoods.com

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"facemoods"=-

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and information about the action performed will appear in the application's right-hand green pane; copy the contents of that pane here,

if the application asks for a restart, click YES

in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\