VIRY.CZ

Včera jsem bohužel otevřel soubor s trojanem Smart fortress 2012. Podařilo se mi ho zřejmě odstranit, ale padá mi Mozilla a zdá se mi , že je PC trochu zabržděné.
Prosím o kontrolu logu.Děkuji


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:23, on 1.6.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
F:\Okruhy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11028 bytes

Zdravim a pekny vecer preji

Dejte prosim log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895 - je podrobnejsi nez HJT

Posílám nový log, dle instrukcí. Děkuji


Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2012-06-01 19:22:55
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 30 GB (26%) free of 114 GB
Total RAM: 8172 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:22:57, on 1.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11334 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe"
"C:\Program Files (x86)\RelevantKnowledge\rlservice.exe" /service
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2492
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Winamp\winampa.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HydraDM64.exe -h:66198 "Maximalizovat na celou plochu" "Maximalizovat k rohům okna" "Obnovit pracovní plochu"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -boot
"C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe" 5884
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3328.168a4110.1952855067 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll" Mozilla.Firefox.8.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 3328 "\\.\pipe\gecko-crash-server-pipe.3328" plugin
"F:\Okruhy\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=112037 ... 55ab67a&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
fcmdSrchddr.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\extensions\
DefaultManager@Microsoft
ffxtlbr@babylon.com
ffxtlbr@Facemoods.com
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-05-08 1136568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-05-31 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-05-31 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll [2010-10-26 217088]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-05-08 1136568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-06-24 7233640]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2010-11-25 393216]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]
"facemoods"=C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe [2010-10-26 323584]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdAuxService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdCoreService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"midi7"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave7"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-01 19:22:55 ----D---- C:\rsit
2012-06-01 19:22:55 ----D---- C:\Program Files\trend micro
2012-05-31 21:02:21 ----D---- C:\Program Files\CCleaner
2012-05-31 19:16:55 ----A---- C:\Windows\system32\drivers\PCTBD64.sys
2012-05-31 19:16:55 ----A---- C:\Windows\SGDetectionTool.dll
2012-05-31 19:16:55 ----A---- C:\Windows\PCTBDCore.dll
2012-05-31 19:16:55 ----A---- C:\Windows\BDTSupport.dll
2012-05-31 19:16:54 ----A---- C:\Windows\PCTBDRes.dll
2012-05-31 19:16:43 ----A---- C:\Windows\system32\drivers\pctwfpfilter64.sys
2012-05-31 19:16:43 ----A---- C:\Windows\system32\drivers\pctgntdi64.sys
2012-05-31 19:16:43 ----A---- C:\Windows\system32\drivers\pctBTFix64.sys
2012-05-31 19:16:41 ----A---- C:\Windows\system32\drivers\pctplsg64.sys
2012-05-31 19:16:38 ----D---- C:\Program Files (x86)\PC Tools
2012-05-31 19:15:23 ----A---- C:\Windows\system32\drivers\PCTSD64.sys
2012-05-31 19:15:23 ----A---- C:\Windows\system32\drivers\pctEFA64.sys
2012-05-31 19:15:23 ----A---- C:\Windows\system32\drivers\pctDS64.sys
2012-05-31 19:15:23 ----A---- C:\Windows\system32\drivers\PCTCore64.sys
2012-05-31 19:15:15 ----AD---- C:\ProgramData\TEMP
2012-05-31 19:15:14 ----D---- C:\Users\Petr\AppData\Roaming\TestApp
2012-05-31 19:15:14 ----D---- C:\ProgramData\PC Tools
2012-05-31 19:02:37 ----D---- C:\Program Files (x86)\GridinSoft Trojan Killer
2012-05-31 18:14:22 ----D---- C:\ProgramData\99058D9B00007C230003E1F3B4EB2367
2012-05-28 08:40:23 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-05-27 22:36:24 ----D---- C:\Program Files\Common Files\VST3
2012-05-27 22:36:22 ----D---- C:\Users\Petr\AppData\Roaming\VST3 Presets
2012-05-27 22:36:17 ----D---- C:\Program Files\Common Files\Propellerhead Software
2012-05-22 08:05:08 ----D---- C:\ProgramData\ATI
2012-05-22 08:05:08 ----D---- C:\Program Files (x86)\AMD AVT
2012-05-22 08:05:06 ----D---- C:\Program Files (x86)\AMD APP
2012-05-16 08:33:17 ----D---- C:\ProgramData\Apple Computer
2012-05-16 08:33:17 ----D---- C:\Program Files (x86)\QuickTime
2012-05-15 17:37:17 ----D---- C:\Users\Petr\AppData\Roaming\ERGOM
2012-05-15 17:37:12 ----D---- C:\Program Files (x86)\Business Objects
2012-05-15 17:36:58 ----D---- C:\Program Files (x86)\Ergom
2012-05-13 20:46:24 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-13 20:46:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 17:02:38 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-10 17:02:38 ----A---- C:\Windows\system32\DWrite.dll
2012-05-10 17:02:37 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-10 17:02:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-10 17:02:37 ----A---- C:\Windows\system32\win32k.sys
2012-05-10 17:02:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-10 16:58:35 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-10 16:57:05 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 11:40:35 ----D---- C:\Program Files (x86)\Cenega Czech
2012-05-05 15:49:59 ----D---- C:\Program Files (x86)\hpmonitor
2012-05-05 15:49:42 ----A---- C:\user.js
2012-05-05 15:49:38 ----D---- C:\Users\Petr\AppData\Roaming\Babylon
2012-05-05 15:49:38 ----D---- C:\ProgramData\Babylon
2012-05-04 16:57:38 ----A---- C:\Windows\IsUn0405.exe

======List of files/folders modified in the last 1 month======

2012-06-01 19:22:55 ----RD---- C:\Program Files
2012-06-01 19:22:19 ----D---- C:\Windows\System32
2012-06-01 19:22:19 ----D---- C:\Windows\inf
2012-06-01 19:22:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-01 19:20:22 ----D---- C:\Windows\Temp
2012-06-01 19:20:05 ----A---- C:\Windows\SYSWOW64\log.txt
2012-06-01 19:00:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-06-01 16:58:08 ----D---- C:\Windows
2012-06-01 14:54:48 ----D---- C:\Program Files (x86)\RelevantKnowledge
2012-05-31 21:44:32 ----SHD---- C:\Windows\Installer
2012-05-31 21:44:29 ----D---- C:\Windows\SysWOW64
2012-05-31 21:44:25 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-05-31 21:44:25 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-05-31 21:44:25 ----A---- C:\Windows\SYSWOW64\java.exe
2012-05-31 21:44:25 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-05-31 21:44:24 ----SHD---- C:\System Volume Information
2012-05-31 21:04:23 ----D---- C:\Users\Petr\AppData\Roaming\Winamp
2012-05-31 21:04:23 ----D---- C:\Users\Petr\AppData\Roaming\Vso
2012-05-31 21:04:23 ----D---- C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
2012-05-31 21:04:21 ----D---- C:\Windows\SoftwareDistribution
2012-05-31 21:04:21 ----D---- C:\Windows\Panther
2012-05-31 21:04:21 ----D---- C:\Windows\Logs
2012-05-31 21:04:21 ----D---- C:\Windows\debug
2012-05-31 19:16:55 ----D---- C:\Windows\system32\drivers
2012-05-31 19:16:38 ----RD---- C:\Program Files (x86)
2012-05-31 19:15:23 ----D---- C:\Program Files (x86)\Common Files
2012-05-31 19:15:15 ----HD---- C:\ProgramData
2012-05-31 19:06:02 ----D---- C:\Windows\system32\catroot2
2012-05-31 14:10:56 ----D---- C:\Windows\system32\config
2012-05-28 22:43:05 ----D---- C:\rFactor
2012-05-27 23:57:17 ----D---- C:\Windows\system32\catroot
2012-05-27 22:38:23 ----D---- C:\Users\Petr\AppData\Roaming\Steinberg
2012-05-27 22:36:31 ----D---- C:\ProgramData\Steinberg
2012-05-27 22:36:24 ----D---- C:\Program Files\Common Files
2012-05-27 22:25:24 ----D---- C:\Program Files (x86)\eLicenser
2012-05-27 22:25:23 ----A---- C:\Windows\SYSWOW64\SYNSOPOS.exe.cfg
2012-05-27 22:24:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-22 08:05:08 ----D---- C:\ProgramData\AMD
2012-05-22 08:04:59 ----D---- C:\Program Files\ATI Technologies
2012-05-22 08:04:36 ----D---- C:\Windows\system32\DriverStore
2012-05-15 17:37:14 ----D---- C:\Windows\winsxs
2012-05-15 17:37:13 ----RSD---- C:\Windows\assembly
2012-05-11 13:29:03 ----D---- C:\Windows\Microsoft.NET
2012-05-10 23:22:43 ----A---- C:\Windows\system32\MRT.exe
2012-05-10 23:19:51 ----D---- C:\Program Files\Windows Journal
2012-05-05 21:48:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-05 21:48:01 ----D---- C:\ProgramData\Samsung
2012-05-05 18:14:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-05-04 17:03:09 ----D---- C:\Users\Petr\AppData\Roaming\Adobe
2012-05-04 16:59:51 ----D---- C:\Program Files (x86)\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
R0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-05 834544]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 PCTSD;PC Tools Spyware Doctor Driver; C:\Windows\System32\Drivers\PCTSD64.sys [2012-05-11 251528]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 L6UX2;Service - Line 6 UX2; C:\Windows\System32\Drivers\L6UX264.sys [2011-11-30 772096]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 synusb64;eLicenser; C:\Windows\system32\DRIVERS\synusb64.sys [2010-09-17 30352]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S3 a07hwaxl;a07hwaxl; C:\Windows\system32\drivers\a07hwaxl.sys []
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-28 2905832]
S3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 PCTBD;PC Tools Browser Defender Driver; C:\Windows\System32\Drivers\PCTBD64.sys [2012-05-08 85192]
S3 RDID1047;DR-880; C:\Windows\system32\Drivers\rdwm1047.sys [2009-09-18 81920]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver; C:\Windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16640]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 36936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [2012-02-23 111632]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
S3 sdCoreService;PC Tools Security Service; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-05-11 1118648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Kliknete na volbu Change parametrs
• V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Vložen log z TDSSKILLER


19:45:04.0986 5816 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:45:05.0365 5816 ============================================================
19:45:05.0365 5816 Current date / time: 2012/06/01 19:45:05.0365
19:45:05.0365 5816 SystemInfo:
19:45:05.0365 5816
19:45:05.0365 5816 OS Version: 6.1.7601 ServicePack: 1.0
19:45:05.0365 5816 Product type: Workstation
19:45:05.0365 5816 ComputerName: PETR-PC
19:45:05.0365 5816 UserName: Petr
19:45:05.0365 5816 Windows directory: C:\Windows
19:45:05.0365 5816 System windows directory: C:\Windows
19:45:05.0365 5816 Running under WOW64
19:45:05.0365 5816 Processor architecture: Intel x64
19:45:05.0365 5816 Number of processors: 8
19:45:05.0365 5816 Page size: 0x1000
19:45:05.0365 5816 Boot type: Normal boot
19:45:05.0366 5816 ============================================================
19:45:05.0523 5816 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:45:05.0541 5816 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:45:05.0555 5816 ============================================================
19:45:05.0555 5816 \Device\Harddisk0\DR0:
19:45:05.0555 5816 MBR partitions:
19:45:05.0555 5816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:45:05.0555 5816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
19:45:05.0555 5816 \Device\Harddisk1\DR1:
19:45:05.0555 5816 MBR partitions:
19:45:05.0555 5816 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A3AA7F0
19:45:05.0555 5816 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3A3AB000, BlocksNum 0x1E361FF8
19:45:05.0555 5816 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x5870D000, BlocksNum 0x1BFF8800
19:45:05.0555 5816 ============================================================
19:45:05.0556 5816 C: <-> \Device\Harddisk0\DR0\Partition1
19:45:05.0588 5816 E: <-> \Device\Harddisk1\DR1\Partition0
19:45:05.0621 5816 F: <-> \Device\Harddisk1\DR1\Partition1
19:45:05.0652 5816 G: <-> \Device\Harddisk1\DR1\Partition2
19:45:05.0652 5816 ============================================================
19:45:05.0652 5816 Initialize success
19:45:05.0652 5816 ============================================================
19:45:57.0008 3492 ============================================================
19:45:57.0008 3492 Scan started
19:45:57.0008 3492 Mode: Manual; SigCheck; TDLFS;
19:45:57.0008 3492 ============================================================
19:45:57.0101 3492 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:45:57.0152 3492 1394ohci - ok
19:45:57.0165 3492 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:45:57.0177 3492 ACPI - ok
19:45:57.0179 3492 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:45:57.0191 3492 AcpiPmi - ok
19:45:57.0198 3492 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:45:57.0206 3492 AdobeARMservice - ok
19:45:57.0236 3492 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:45:57.0249 3492 AdobeFlashPlayerUpdateSvc - ok
19:45:57.0263 3492 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:45:57.0278 3492 adp94xx - ok
19:45:57.0289 3492 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:45:57.0301 3492 adpahci - ok
19:45:57.0307 3492 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:45:57.0317 3492 adpu320 - ok
19:45:57.0322 3492 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:45:57.0346 3492 AeLookupSvc - ok
19:45:57.0361 3492 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:45:57.0377 3492 AFD - ok
19:45:57.0380 3492 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:45:57.0389 3492 agp440 - ok
19:45:57.0393 3492 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:45:57.0404 3492 ALG - ok
19:45:57.0406 3492 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:45:57.0414 3492 aliide - ok
19:45:57.0420 3492 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
19:45:57.0435 3492 AMD External Events Utility - ok
19:45:57.0437 3492 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:45:57.0444 3492 amdide - ok
19:45:57.0447 3492 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:45:57.0458 3492 AmdK8 - ok
19:45:57.0712 3492 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:45:57.0847 3492 amdkmdag - ok
19:45:57.0882 3492 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
19:45:57.0897 3492 amdkmdap - ok
19:45:57.0901 3492 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:45:57.0914 3492 AmdPPM - ok
19:45:57.0918 3492 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:45:57.0928 3492 amdsata - ok
19:45:57.0935 3492 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:45:57.0945 3492 amdsbs - ok
19:45:57.0948 3492 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:45:57.0955 3492 amdxata - ok
19:45:57.0959 3492 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:45:57.0983 3492 AppID - ok
19:45:57.0990 3492 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:45:58.0013 3492 AppIDSvc - ok
19:45:58.0018 3492 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:45:58.0042 3492 Appinfo - ok
19:45:58.0046 3492 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:45:58.0054 3492 arc - ok
19:45:58.0058 3492 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:45:58.0067 3492 arcsas - ok
19:45:58.0069 3492 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
19:45:58.0084 3492 aswFsBlk - ok
19:45:58.0088 3492 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
19:45:58.0096 3492 aswMonFlt - ok
19:45:58.0099 3492 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
19:45:58.0106 3492 aswRdr - ok
19:45:58.0126 3492 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
19:45:58.0140 3492 aswSnx - ok
19:45:58.0150 3492 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
19:45:58.0159 3492 aswSP - ok
19:45:58.0162 3492 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
19:45:58.0170 3492 aswTdi - ok
19:45:58.0172 3492 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:45:58.0195 3492 AsyncMac - ok
19:45:58.0198 3492 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:45:58.0205 3492 atapi - ok
19:45:58.0210 3492 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
19:45:58.0217 3492 AtiHDAudioService - ok
19:45:58.0241 3492 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:45:58.0277 3492 AudioEndpointBuilder - ok
19:45:58.0281 3492 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:45:58.0309 3492 AudioSrv - ok
19:45:58.0315 3492 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:45:58.0322 3492 avast! Antivirus - ok
19:45:58.0327 3492 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:45:58.0342 3492 AxInstSV - ok
19:45:58.0354 3492 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:45:58.0367 3492 b06bdrv - ok
19:45:58.0376 3492 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:45:58.0389 3492 b57nd60a - ok
19:45:58.0400 3492 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:45:58.0411 3492 BBSvc - ok
19:45:58.0417 3492 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:45:58.0427 3492 BDESVC - ok
19:45:58.0429 3492 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:45:58.0452 3492 Beep - ok
19:45:58.0475 3492 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:45:58.0506 3492 BFE - ok
19:45:58.0532 3492 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:45:58.0567 3492 BITS - ok
19:45:58.0575 3492 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:45:58.0585 3492 blbdrive - ok
19:45:58.0590 3492 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:45:58.0599 3492 bowser - ok
19:45:58.0602 3492 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:45:58.0613 3492 BrFiltLo - ok
19:45:58.0615 3492 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:45:58.0626 3492 BrFiltUp - ok
19:45:58.0632 3492 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:45:58.0656 3492 Browser - ok
19:45:58.0675 3492 Browser Defender Update Service (7229b58039d5a9338ad633e8ab60619c) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
19:45:58.0688 3492 Browser Defender Update Service - ok
19:45:58.0697 3492 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:45:58.0710 3492 Brserid - ok
19:45:58.0714 3492 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:45:58.0725 3492 BrSerWdm - ok
19:45:58.0727 3492 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:45:58.0738 3492 BrUsbMdm - ok
19:45:58.0741 3492 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:45:58.0751 3492 BrUsbSer - ok
19:45:58.0755 3492 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:45:58.0766 3492 BTHMODEM - ok
19:45:58.0772 3492 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:45:58.0795 3492 bthserv - ok
19:45:58.0799 3492 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:45:58.0821 3492 cdfs - ok
19:45:58.0828 3492 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:45:58.0839 3492 cdrom - ok
19:45:58.0846 3492 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:45:58.0870 3492 CertPropSvc - ok
19:45:58.0874 3492 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:45:58.0886 3492 circlass - ok
19:45:58.0898 3492 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:45:58.0911 3492 CLFS - ok
19:45:58.0921 3492 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:45:58.0929 3492 clr_optimization_v2.0.50727_32 - ok
19:45:58.0936 3492 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:45:58.0944 3492 clr_optimization_v2.0.50727_64 - ok
19:45:58.0954 3492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:45:58.0965 3492 clr_optimization_v4.0.30319_32 - ok
19:45:58.0973 3492 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:45:58.0982 3492 clr_optimization_v4.0.30319_64 - ok
19:45:58.0985 3492 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:45:58.0996 3492 CmBatt - ok
19:45:58.0998 3492 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:45:59.0006 3492 cmdide - ok
19:45:59.0020 3492 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:45:59.0038 3492 CNG - ok
19:45:59.0040 3492 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:45:59.0048 3492 Compbatt - ok
19:45:59.0051 3492 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:45:59.0062 3492 CompositeBus - ok
19:45:59.0064 3492 COMSysApp - ok
19:45:59.0069 3492 cpuz135 - ok
19:45:59.0072 3492 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:45:59.0080 3492 crcdisk - ok
19:45:59.0089 3492 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:45:59.0114 3492 CryptSvc - ok
19:45:59.0133 3492 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:45:59.0161 3492 DcomLaunch - ok
19:45:59.0171 3492 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:45:59.0200 3492 defragsvc - ok
19:45:59.0207 3492 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:45:59.0235 3492 DfsC - ok
19:45:59.0247 3492 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:45:59.0274 3492 Dhcp - ok
19:45:59.0277 3492 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:45:59.0301 3492 discache - ok
19:45:59.0306 3492 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:45:59.0314 3492 Disk - ok
19:45:59.0322 3492 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:45:59.0334 3492 Dnscache - ok
19:45:59.0343 3492 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:45:59.0368 3492 dot3svc - ok
19:45:59.0375 3492 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:45:59.0399 3492 DPS - ok
19:45:59.0401 3492 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:45:59.0413 3492 drmkaud - ok
19:45:59.0444 3492 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:45:59.0460 3492 DXGKrnl - ok
19:45:59.0464 3492 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:45:59.0488 3492 EapHost - ok
19:45:59.0564 3492 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:45:59.0613 3492 ebdrv - ok
19:45:59.0639 3492 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:45:59.0650 3492 EFS - ok
19:45:59.0671 3492 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:45:59.0692 3492 ehRecvr - ok
19:45:59.0697 3492 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:45:59.0709 3492 ehSched - ok
19:45:59.0728 3492 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:45:59.0745 3492 elxstor - ok
19:45:59.0748 3492 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:45:59.0759 3492 ErrDev - ok
19:45:59.0775 3492 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:45:59.0803 3492 EventSystem - ok
19:45:59.0809 3492 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:45:59.0833 3492 exfat - ok
19:45:59.0839 3492 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:45:59.0865 3492 fastfat - ok
19:45:59.0886 3492 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:45:59.0902 3492 Fax - ok
19:45:59.0905 3492 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:45:59.0915 3492 fdc - ok
19:45:59.0917 3492 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:45:59.0941 3492 fdPHost - ok
19:45:59.0944 3492 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:45:59.0967 3492 FDResPub - ok
19:45:59.0972 3492 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:45:59.0980 3492 FileInfo - ok
19:45:59.0983 3492 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:46:00.0008 3492 Filetrace - ok
19:46:00.0011 3492 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:46:00.0020 3492 flpydisk - ok
19:46:00.0035 3492 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:46:00.0045 3492 FltMgr - ok
19:46:00.0077 3492 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:46:00.0104 3492 FontCache - ok
19:46:00.0108 3492 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:46:00.0117 3492 FontCache3.0.0.0 - ok
19:46:00.0125 3492 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:46:00.0134 3492 FsDepends - ok
19:46:00.0137 3492 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:46:00.0145 3492 Fs_Rec - ok
19:46:00.0151 3492 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
19:46:00.0158 3492 Futuremark SystemInfo Service - ok
19:46:00.0166 3492 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:46:00.0179 3492 fvevol - ok
19:46:00.0183 3492 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:46:00.0191 3492 gagp30kx - ok
19:46:00.0213 3492 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:46:00.0244 3492 gpsvc - ok
19:46:00.0247 3492 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:46:00.0257 3492 hcw85cir - ok
19:46:00.0268 3492 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:46:00.0283 3492 HdAudAddService - ok
19:46:00.0288 3492 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:46:00.0300 3492 HDAudBus - ok
19:46:00.0302 3492 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:46:00.0312 3492 HidBatt - ok
19:46:00.0316 3492 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:46:00.0328 3492 HidBth - ok
19:46:00.0331 3492 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:46:00.0342 3492 HidIr - ok
19:46:00.0345 3492 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:46:00.0368 3492 hidserv - ok
19:46:00.0372 3492 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:46:00.0381 3492 HidUsb - ok
19:46:00.0385 3492 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:46:00.0408 3492 hkmsvc - ok
19:46:00.0417 3492 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:46:00.0430 3492 HomeGroupListener - ok
19:46:00.0438 3492 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:46:00.0450 3492 HomeGroupProvider - ok
19:46:00.0454 3492 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:46:00.0462 3492 HpSAMD - ok
19:46:00.0486 3492 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:46:00.0518 3492 HTTP - ok
19:46:00.0521 3492 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:46:00.0529 3492 hwpolicy - ok
19:46:00.0534 3492 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:46:00.0544 3492 i8042prt - ok
19:46:00.0556 3492 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:46:00.0568 3492 iaStorV - ok
19:46:00.0575 3492 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:46:00.0578 3492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:46:00.0578 3492 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:46:00.0598 3492 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:46:00.0616 3492 idsvc - ok
19:46:00.0639 3492 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:46:00.0648 3492 iirsp - ok
19:46:00.0670 3492 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:46:00.0703 3492 IKEEXT - ok
19:46:00.0764 3492 IntcAzAudAddService (eb5fa493a4b6ea290200ae39eba2fbc6) C:\Windows\system32\drivers\RTKVHD64.sys
19:46:00.0806 3492 IntcAzAudAddService - ok
19:46:00.0830 3492 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:46:00.0838 3492 intelide - ok
19:46:00.0842 3492 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:46:00.0851 3492 intelppm - ok
19:46:00.0856 3492 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:46:00.0880 3492 IPBusEnum - ok
19:46:00.0884 3492 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:46:00.0908 3492 IpFilterDriver - ok
19:46:00.0924 3492 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:46:00.0952 3492 iphlpsvc - ok
19:46:00.0956 3492 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:46:00.0966 3492 IPMIDRV - ok
19:46:00.0970 3492 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:46:00.0994 3492 IPNAT - ok
19:46:00.0997 3492 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:46:01.0009 3492 IRENUM - ok
19:46:01.0012 3492 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:46:01.0019 3492 isapnp - ok
19:46:01.0027 3492 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:46:01.0038 3492 iScsiPrt - ok
19:46:01.0041 3492 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:46:01.0049 3492 kbdclass - ok
19:46:01.0052 3492 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:46:01.0062 3492 kbdhid - ok
19:46:01.0065 3492 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:46:01.0074 3492 KeyIso - ok
19:46:01.0078 3492 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:46:01.0086 3492 KSecDD - ok
19:46:01.0093 3492 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:46:01.0102 3492 KSecPkg - ok
19:46:01.0105 3492 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:46:01.0128 3492 ksthunk - ok
19:46:01.0139 3492 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:46:01.0167 3492 KtmRm - ok
19:46:01.0191 3492 L6UX2 (1107dd2b04a2c73ccbb614c12c70b775) C:\Windows\system32\Drivers\L6UX264.sys
19:46:01.0208 3492 L6UX2 - ok
19:46:01.0218 3492 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
19:46:01.0245 3492 LanmanServer - ok
19:46:01.0251 3492 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:46:01.0276 3492 LanmanWorkstation - ok
19:46:01.0282 3492 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:46:01.0306 3492 lltdio - ok
19:46:01.0316 3492 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:46:01.0344 3492 lltdsvc - ok
19:46:01.0347 3492 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:46:01.0371 3492 lmhosts - ok
19:46:01.0383 3492 LMS (e7859ba062db5e23c6dd34ad66b09f50) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:46:01.0394 3492 LMS - ok
19:46:01.0400 3492 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:46:01.0409 3492 LSI_FC - ok
19:46:01.0414 3492 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:46:01.0422 3492 LSI_SAS - ok
19:46:01.0426 3492 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:46:01.0435 3492 LSI_SAS2 - ok
19:46:01.0440 3492 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:46:01.0448 3492 LSI_SCSI - ok
19:46:01.0454 3492 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:46:01.0478 3492 luafv - ok
19:46:01.0482 3492 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
19:46:01.0489 3492 MBfilt - ok
19:46:01.0493 3492 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:46:01.0504 3492 Mcx2Svc - ok
19:46:01.0508 3492 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:46:01.0516 3492 megasas - ok
19:46:01.0524 3492 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:46:01.0534 3492 MegaSR - ok
19:46:01.0538 3492 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:46:01.0545 3492 MEIx64 - ok
19:46:01.0550 3492 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:46:01.0574 3492 MMCSS - ok
19:46:01.0577 3492 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:46:01.0599 3492 Modem - ok
19:46:01.0602 3492 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:46:01.0613 3492 monitor - ok
19:46:01.0616 3492 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:46:01.0624 3492 mouclass - ok
19:46:01.0627 3492 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:46:01.0636 3492 mouhid - ok
19:46:01.0640 3492 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:46:01.0649 3492 mountmgr - ok
19:46:01.0656 3492 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:46:01.0665 3492 mpio - ok
19:46:01.0669 3492 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:46:01.0692 3492 mpsdrv - ok
19:46:01.0719 3492 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:46:01.0752 3492 MpsSvc - ok
19:46:01.0758 3492 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:46:01.0771 3492 MRxDAV - ok
19:46:01.0777 3492 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:46:01.0787 3492 mrxsmb - ok
19:46:01.0797 3492 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:46:01.0809 3492 mrxsmb10 - ok
19:46:01.0815 3492 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:46:01.0827 3492 mrxsmb20 - ok
19:46:01.0830 3492 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:46:01.0838 3492 msahci - ok
19:46:01.0843 3492 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:46:01.0852 3492 msdsm - ok
19:46:01.0860 3492 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:46:01.0871 3492 MSDTC - ok
19:46:01.0876 3492 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:46:01.0899 3492 Msfs - ok
19:46:01.0901 3492 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:46:01.0923 3492 mshidkmdf - ok
19:46:01.0925 3492 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:46:01.0932 3492 msisadrv - ok
19:46:01.0938 3492 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:46:01.0964 3492 MSiSCSI - ok
19:46:01.0966 3492 msiserver - ok
19:46:01.0969 3492 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:46:01.0993 3492 MSKSSRV - ok
19:46:01.0995 3492 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:46:02.0019 3492 MSPCLOCK - ok
19:46:02.0022 3492 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:46:02.0044 3492 MSPQM - ok
19:46:02.0056 3492 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:46:02.0068 3492 MsRPC - ok
19:46:02.0072 3492 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:46:02.0080 3492 mssmbios - ok
19:46:02.0082 3492 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:46:02.0105 3492 MSTEE - ok
19:46:02.0107 3492 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:46:02.0117 3492 MTConfig - ok
19:46:02.0121 3492 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:46:02.0129 3492 Mup - ok
19:46:02.0143 3492 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:46:02.0172 3492 napagent - ok
19:46:02.0182 3492 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:46:02.0196 3492 NativeWifiP - ok
19:46:02.0225 3492 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:46:02.0246 3492 NDIS - ok
19:46:02.0250 3492 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:46:02.0273 3492 NdisCap - ok
19:46:02.0275 3492 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:46:02.0297 3492 NdisTapi - ok
19:46:02.0302 3492 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:46:02.0325 3492 Ndisuio - ok
19:46:02.0331 3492 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:46:02.0354 3492 NdisWan - ok
19:46:02.0358 3492 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:46:02.0379 3492 NDProxy - ok
19:46:02.0382 3492 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:46:02.0405 3492 NetBIOS - ok
19:46:02.0417 3492 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:46:02.0442 3492 NetBT - ok
19:46:02.0446 3492 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:46:02.0455 3492 Netlogon - ok
19:46:02.0467 3492 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:46:02.0494 3492 Netman - ok
19:46:02.0512 3492 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:46:02.0542 3492 netprofm - ok
19:46:02.0548 3492 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:46:02.0556 3492 NetTcpPortSharing - ok
19:46:02.0560 3492 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:46:02.0568 3492 nfrd960 - ok
19:46:02.0580 3492 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:46:02.0607 3492 NlaSvc - ok
19:46:02.0611 3492 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:46:02.0634 3492 Npfs - ok
19:46:02.0637 3492 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:46:02.0661 3492 nsi - ok
19:46:02.0663 3492 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:46:02.0687 3492 nsiproxy - ok
19:46:02.0742 3492 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:46:02.0785 3492 Ntfs - ok
19:46:02.0812 3492 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:46:02.0842 3492 Null - ok
19:46:02.0847 3492 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:46:02.0856 3492 nusb3hub - ok
19:46:02.0863 3492 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:46:02.0872 3492 nusb3xhc - ok
19:46:02.0879 3492 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:46:02.0888 3492 nvraid - ok
19:46:02.0894 3492 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:46:02.0904 3492 nvstor - ok
19:46:02.0910 3492 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:46:02.0919 3492 nv_agp - ok
19:46:02.0923 3492 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:46:02.0933 3492 ohci1394 - ok
19:46:02.0946 3492 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:46:02.0960 3492 p2pimsvc - ok
19:46:02.0975 3492 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:46:02.0991 3492 p2psvc - ok
19:46:02.0996 3492 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:46:03.0008 3492 Parport - ok
19:46:03.0012 3492 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:46:03.0021 3492 partmgr - ok
19:46:03.0030 3492 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:46:03.0045 3492 PcaSvc - ok
19:46:03.0053 3492 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:46:03.0063 3492 pci - ok
19:46:03.0065 3492 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:46:03.0073 3492 pciide - ok
19:46:03.0080 3492 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:46:03.0090 3492 pcmcia - ok
19:46:03.0094 3492 PCTBD (8fe3547a6a4669817bd01abd46f0cee5) C:\Windows\system32\Drivers\PCTBD64.sys
19:46:03.0101 3492 PCTBD - ok
19:46:03.0113 3492 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys
19:46:03.0125 3492 PCTCore - ok
19:46:03.0138 3492 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
19:46:03.0150 3492 pctDS - ok
19:46:03.0158 3492 PCTSD (577f20ebf1e42bebb238e2412b99c7ee) C:\Windows\system32\Drivers\PCTSD64.sys
19:46:03.0166 3492 PCTSD - ok
19:46:03.0170 3492 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:46:03.0179 3492 pcw - ok
19:46:03.0200 3492 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:46:03.0233 3492 PEAUTH - ok
19:46:03.0258 3492 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:46:03.0270 3492 PerfHost - ok
19:46:03.0316 3492 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:46:03.0364 3492 pla - ok
19:46:03.0380 3492 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:46:03.0401 3492 PlugPlay - ok
19:46:03.0405 3492 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:46:03.0419 3492 PNRPAutoReg - ok
19:46:03.0432 3492 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:46:03.0448 3492 PNRPsvc - ok
19:46:03.0465 3492 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:46:03.0503 3492 PolicyAgent - ok
19:46:03.0512 3492 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:46:03.0538 3492 Power - ok
19:46:03.0549 3492 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:46:03.0572 3492 PptpMiniport - ok
19:46:03.0576 3492 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:46:03.0587 3492 Processor - ok
19:46:03.0596 3492 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:46:03.0622 3492 ProfSvc - ok
19:46:03.0625 3492 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:46:03.0634 3492 ProtectedStorage - ok
19:46:03.0640 3492 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:46:03.0662 3492 Psched - ok
19:46:03.0699 3492 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:46:03.0727 3492 ql2300 - ok
19:46:03.0756 3492 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:46:03.0766 3492 ql40xx - ok
19:46:03.0775 3492 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:46:03.0790 3492 QWAVE - ok
19:46:03.0795 3492 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:46:03.0808 3492 QWAVEdrv - ok
19:46:03.0811 3492 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:46:03.0833 3492 RasAcd - ok
19:46:03.0838 3492 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:46:03.0861 3492 RasAgileVpn - ok
19:46:03.0866 3492 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:46:03.0892 3492 RasAuto - ok
19:46:03.0898 3492 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:46:03.0923 3492 Rasl2tp - ok
19:46:03.0933 3492 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:46:03.0961 3492 RasMan - ok
19:46:03.0966 3492 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:46:03.0990 3492 RasPppoe - ok
19:46:03.0995 3492 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:46:04.0019 3492 RasSstp - ok
19:46:04.0030 3492 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:46:04.0056 3492 rdbss - ok
19:46:04.0061 3492 RDID1047 (56bee9fbc3931bc4926746f04dbec58d) C:\Windows\system32\Drivers\rdwm1047.sys
19:46:04.0069 3492 RDID1047 - ok
19:46:04.0071 3492 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:46:04.0083 3492 rdpbus - ok
19:46:04.0086 3492 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:46:04.0108 3492 RDPCDD - ok
19:46:04.0112 3492 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:46:04.0135 3492 RDPENCDD - ok
19:46:04.0138 3492 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:46:04.0161 3492 RDPREFMP - ok
19:46:04.0168 3492 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:46:04.0179 3492 RDPWD - ok
19:46:04.0187 3492 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:46:04.0197 3492 rdyboost - ok
19:46:04.0202 3492 RelevantKnowledge - ok
19:46:04.0207 3492 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:46:04.0232 3492 RemoteAccess - ok
19:46:04.0238 3492 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:46:04.0263 3492 RemoteRegistry - ok
19:46:04.0269 3492 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:46:04.0301 3492 RpcEptMapper - ok
19:46:04.0303 3492 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:46:04.0314 3492 RpcLocator - ok
19:46:04.0330 3492 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:46:04.0356 3492 RpcSs - ok
19:46:04.0362 3492 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:46:04.0385 3492 rspndr - ok
19:46:04.0399 3492 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:46:04.0410 3492 RTL8167 - ok
19:46:04.0413 3492 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:46:04.0422 3492 SamSs - ok
19:46:04.0426 3492 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:46:04.0435 3492 sbp2port - ok
19:46:04.0442 3492 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:46:04.0469 3492 SCardSvr - ok
19:46:04.0472 3492 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:46:04.0495 3492 scfilter - ok
19:46:04.0527 3492 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:46:04.0568 3492 Schedule - ok
19:46:04.0574 3492 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:46:04.0597 3492 SCPolicySvc - ok
19:46:04.0611 3492 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
19:46:04.0622 3492 sdAuxService - ok
19:46:04.0649 3492 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
19:46:04.0668 3492 sdCoreService - ok
19:46:04.0697 3492 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:46:04.0710 3492 SDRSVC - ok
19:46:04.0722 3492 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:46:04.0732 3492 SeaPort - ok
19:46:04.0740 3492 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:46:04.0764 3492 secdrv - ok
19:46:04.0767 3492 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:46:04.0790 3492 seclogon - ok
19:46:04.0795 3492 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:46:04.0820 3492 SENS - ok
19:46:04.0823 3492 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:46:04.0834 3492 SensrSvc - ok
19:46:04.0837 3492 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:46:04.0847 3492 Serenum - ok
19:46:04.0852 3492 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:46:04.0862 3492 Serial - ok
19:46:04.0865 3492 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:46:04.0875 3492 sermouse - ok
19:46:04.0883 3492 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:46:04.0907 3492 SessionEnv - ok
19:46:04.0910 3492 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:46:04.0921 3492 sffdisk - ok
19:46:04.0923 3492 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:46:04.0935 3492 sffp_mmc - ok
19:46:04.0937 3492 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:46:04.0948 3492 sffp_sd - ok
19:46:04.0951 3492 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:46:04.0961 3492 sfloppy - ok
19:46:04.0973 3492 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:46:05.0001 3492 SharedAccess - ok
19:46:05.0013 3492 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:46:05.0040 3492 ShellHWDetection - ok
19:46:05.0044 3492 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:46:05.0052 3492 SiSRaid2 - ok
19:46:05.0055 3492 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:46:05.0064 3492 SiSRaid4 - ok
19:46:05.0068 3492 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:46:05.0092 3492 Smb - ok
19:46:05.0097 3492 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:46:05.0107 3492 SNMPTRAP - ok
19:46:05.0110 3492 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:46:05.0117 3492 spldr - ok
19:46:05.0136 3492 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:46:05.0165 3492 Spooler - ok
19:46:05.0285 3492 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:46:05.0363 3492 sppsvc - ok
19:46:05.0393 3492 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:46:05.0433 3492 sppuinotify - ok
19:46:05.0464 3492 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
19:46:05.0465 3492 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
19:46:05.0466 3492 sptd ( LockedFile.Multi.Generic ) - warning
19:46:05.0466 3492 sptd - detected LockedFile.Multi.Generic (1)
19:46:05.0483 3492 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:46:05.0497 3492 srv - ok
19:46:05.0512 3492 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:46:05.0527 3492 srv2 - ok
19:46:05.0537 3492 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:46:05.0547 3492 srvnet - ok
19:46:05.0556 3492 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:46:05.0582 3492 SSDPSRV - ok
19:46:05.0587 3492 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:46:05.0610 3492 SstpSvc - ok
19:46:05.0613 3492 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:46:05.0621 3492 stexstor - ok
19:46:05.0640 3492 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:46:05.0660 3492 stisvc - ok
19:46:05.0663 3492 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:46:05.0670 3492 swenum - ok
19:46:05.0687 3492 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:46:05.0716 3492 swprv - ok
19:46:05.0721 3492 synusb64 (bcb6aa197267d3506be2535342fc40e0) C:\Windows\system32\DRIVERS\synusb64.sys
19:46:05.0727 3492 synusb64 - ok
19:46:05.0772 3492 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:46:05.0814 3492 SysMain - ok
19:46:05.0843 3492 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:46:05.0871 3492 TabletInputService - ok
19:46:05.0883 3492 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:46:05.0910 3492 TapiSrv - ok
19:46:05.0915 3492 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:46:05.0939 3492 TBS - ok
19:46:05.0981 3492 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:46:06.0014 3492 Tcpip - ok
19:46:06.0082 3492 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:46:06.0116 3492 TCPIP6 - ok
19:46:06.0143 3492 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:46:06.0166 3492 tcpipreg - ok
19:46:06.0170 3492 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:46:06.0178 3492 TDPIPE - ok
19:46:06.0181 3492 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:46:06.0190 3492 TDTCP - ok
19:46:06.0197 3492 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:46:06.0220 3492 tdx - ok
19:46:06.0224 3492 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:46:06.0232 3492 TermDD - ok
19:46:06.0251 3492 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:46:06.0282 3492 TermService - ok
19:46:06.0286 3492 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:46:06.0300 3492 Themes - ok
19:46:06.0303 3492 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:46:06.0326 3492 THREADORDER - ok
19:46:06.0332 3492 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:46:06.0357 3492 TrkWks - ok
19:46:06.0362 3492 TrojanKillerDriver (9bf9e809fbb2d5d0403b32b15abe5f30) C:\Windows\system32\DRIVERS\gtkdrv.sys
19:46:06.0368 3492 TrojanKillerDriver - ok
19:46:06.0376 3492 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:46:06.0400 3492 TrustedInstaller - ok
19:46:06.0405 3492 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:46:06.0427 3492 tssecsrv - ok
19:46:06.0431 3492 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:46:06.0441 3492 TsUsbFlt - ok
19:46:06.0444 3492 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:46:06.0453 3492 TsUsbGD - ok
19:46:06.0460 3492 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:46:06.0483 3492 tunnel - ok
19:46:06.0487 3492 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:46:06.0496 3492 uagp35 - ok
19:46:06.0506 3492 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:46:06.0531 3492 udfs - ok
19:46:06.0537 3492 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:46:06.0548 3492 UI0Detect - ok
19:46:06.0552 3492 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:46:06.0560 3492 uliagpkx - ok
19:46:06.0564 3492 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:46:06.0573 3492 umbus - ok
19:46:06.0576 3492 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:46:06.0585 3492 UmPass - ok
19:46:06.0667 3492 UNS (e91f8afbd7fb96c94b266579d6bfa77a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:46:06.0726 3492 UNS - ok
19:46:06.0762 3492 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:46:06.0793 3492 upnphost - ok
19:46:06.0803 3492 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:46:06.0815 3492 usbaudio - ok
19:46:06.0821 3492 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:46:06.0830 3492 usbccgp - ok
19:46:06.0835 3492 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:46:06.0846 3492 usbcir - ok
19:46:06.0850 3492 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:46:06.0859 3492 usbehci - ok
19:46:06.0870 3492 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:46:06.0882 3492 usbhub - ok
19:46:06.0885 3492 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:46:06.0894 3492 usbohci - ok
19:46:06.0897 3492 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:46:06.0907 3492 usbprint - ok
19:46:06.0911 3492 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:46:06.0922 3492 usbscan - ok
19:46:06.0927 3492 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:46:06.0937 3492 USBSTOR - ok
19:46:06.0940 3492 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:46:06.0949 3492 usbuhci - ok
19:46:06.0952 3492 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:46:06.0977 3492 UxSms - ok
19:46:06.0981 3492 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:46:06.0990 3492 VaultSvc - ok
19:46:06.0993 3492 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:46:07.0002 3492 vdrvroot - ok
19:46:07.0015 3492 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:46:07.0044 3492 vds - ok
19:46:07.0048 3492 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:46:07.0058 3492 vga - ok
19:46:07.0062 3492 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:46:07.0085 3492 VgaSave - ok
19:46:07.0092 3492 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:46:07.0102 3492 vhdmp - ok
19:46:07.0105 3492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:46:07.0112 3492 viaide - ok
19:46:07.0117 3492 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:46:07.0126 3492 volmgr - ok
19:46:07.0138 3492 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:46:07.0150 3492 volmgrx - ok
19:46:07.0161 3492 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:46:07.0171 3492 volsnap - ok
19:46:07.0179 3492 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:46:07.0188 3492 vsmraid - ok
19:46:07.0234 3492 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:46:07.0275 3492 VSS - ok
19:46:07.0302 3492 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:46:07.0313 3492 vwifibus - ok
19:46:07.0328 3492 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:46:07.0358 3492 W32Time - ok
19:46:07.0363 3492 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:46:07.0373 3492 WacomPen - ok
19:46:07.0380 3492 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:07.0403 3492 WANARP - ok
19:46:07.0405 3492 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:07.0426 3492 Wanarpv6 - ok
19:46:07.0464 3492 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:46:07.0489 3492 WatAdminSvc - ok
19:46:07.0529 3492 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:46:07.0558 3492 wbengine - ok
19:46:07.0587 3492 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:46:07.0602 3492 WbioSrvc - ok
19:46:07.0612 3492 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:46:07.0629 3492 wcncsvc - ok
19:46:07.0633 3492 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:46:07.0644 3492 WcsPlugInService - ok
19:46:07.0649 3492 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:46:07.0657 3492 Wd - ok
19:46:07.0679 3492 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:46:07.0697 3492 Wdf01000 - ok
19:46:07.0703 3492 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:46:07.0718 3492 WdiServiceHost - ok
19:46:07.0720 3492 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:46:07.0734 3492 WdiSystemHost - ok
19:46:07.0742 3492 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:46:07.0759 3492 WebClient - ok
19:46:07.0767 3492 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:46:07.0793 3492 Wecsvc - ok
19:46:07.0798 3492 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:46:07.0823 3492 wercplsupport - ok
19:46:07.0828 3492 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:46:07.0852 3492 WerSvc - ok
19:46:07.0857 3492 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:46:07.0879 3492 WfpLwf - ok
19:46:07.0882 3492 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:46:07.0890 3492 WIMMount - ok
19:46:07.0893 3492 WinDefend - ok
19:46:07.0896 3492 WinHttpAutoProxySvc - ok
19:46:07.0908 3492 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:46:07.0933 3492 Winmgmt - ok
19:46:07.0981 3492 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:46:08.0032 3492 WinRM - ok
19:46:08.0076 3492 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:46:08.0098 3492 Wlansvc - ok
19:46:08.0104 3492 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:46:08.0111 3492 wlcrasvc - ok
19:46:08.0186 3492 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:46:08.0234 3492 wlidsvc - ok
19:46:08.0262 3492 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
19:46:08.0268 3492 WmBEnum - ok
19:46:08.0272 3492 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
19:46:08.0279 3492 WmFilter - ok
19:46:08.0282 3492 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
19:46:08.0288 3492 WmHidLo - ok
19:46:08.0291 3492 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:46:08.0300 3492 WmiAcpi - ok
19:46:08.0312 3492 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:46:08.0324 3492 wmiApSrv - ok
19:46:08.0328 3492 WMPNetworkSvc - ok
19:46:08.0332 3492 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
19:46:08.0338 3492 WmVirHid - ok
19:46:08.0342 3492 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
19:46:08.0349 3492 WmXlCore - ok
19:46:08.0352 3492 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:46:08.0362 3492 WPCSvc - ok
19:46:08.0367 3492 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:46:08.0379 3492 WPDBusEnum - ok
19:46:08.0382 3492 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:46:08.0404 3492 ws2ifsl - ok
19:46:08.0409 3492 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:46:08.0423 3492 wscsvc - ok
19:46:08.0425 3492 WSearch - ok
19:46:08.0533 3492 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:46:08.0593 3492 wuauserv - ok
19:46:08.0622 3492 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:46:08.0646 3492 WudfPf - ok
19:46:08.0653 3492 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:08.0677 3492 WUDFRd - ok
19:46:08.0682 3492 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:46:08.0706 3492 wudfsvc - ok
19:46:08.0714 3492 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:46:08.0730 3492 WwanSvc - ok
19:46:08.0734 3492 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:46:08.0816 3492 \Device\Harddisk0\DR0 - ok
19:46:08.0818 3492 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
19:46:08.0858 3492 \Device\Harddisk1\DR1 - ok
19:46:08.0861 3492 Boot (0x1200) (2af930f014744e764647c1077ed371b6) \Device\Harddisk0\DR0\Partition0
19:46:08.0862 3492 \Device\Harddisk0\DR0\Partition0 - ok
19:46:08.0865 3492 Boot (0x1200) (eae8a4fdcb4019ea138f2a32f1e4790c) \Device\Harddisk0\DR0\Partition1
19:46:08.0866 3492 \Device\Harddisk0\DR0\Partition1 - ok
19:46:08.0869 3492 Boot (0x1200) (c85ceca2cf844bda54a8adeace712df8) \Device\Harddisk1\DR1\Partition0
19:46:08.0870 3492 \Device\Harddisk1\DR1\Partition0 - ok
19:46:08.0873 3492 Boot (0x1200) (0b5e1cfee2da266069a504762c22fa1b) \Device\Harddisk1\DR1\Partition1
19:46:08.0874 3492 \Device\Harddisk1\DR1\Partition1 - ok
19:46:08.0876 3492 Boot (0x1200) (60b6edb1f5c5bacb01641dffb4fa04f1) \Device\Harddisk1\DR1\Partition2
19:46:08.0877 3492 \Device\Harddisk1\DR1\Partition2 - ok
19:46:08.0878 3492 ============================================================
19:46:08.0878 3492 Scan finished
19:46:08.0878 3492 ============================================================
19:46:08.0884 5512 Detected object count: 2
19:46:08.0884 5512 Actual detected object count: 2
19:46:17.0162 5512 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:17.0162 5512 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:17.0162 5512 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:46:17.0163 5512 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Posílám log Combo fix.


ComboFix 12-06-01.02 - Petr 01.06.2012 20:34:13.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8172.6476 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\faCEmoodstlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\uninstall.exe
c:\program files (x86)\RelevantKnowledge
c:\program files (x86)\RelevantKnowledge\components\rlxg.dll
c:\program files (x86)\RelevantKnowledge\components\rlxh.dll
c:\program files (x86)\RelevantKnowledge\components\rlxi.dll
c:\program files (x86)\RelevantKnowledge\components\rlxj.dll
c:\program files (x86)\RelevantKnowledge\components\rlxk.dll
c:\program files (x86)\RelevantKnowledge\chrome.manifest
c:\program files (x86)\RelevantKnowledge\install.rdf
c:\program files (x86)\RelevantKnowledge\ncncf.dat
c:\program files (x86)\RelevantKnowledge\nscf.dat
c:\program files (x86)\RelevantKnowledge\rlcm.crx
c:\program files (x86)\RelevantKnowledge\rlcm.txt
c:\program files (x86)\RelevantKnowledge\rlls.dll
c:\program files (x86)\RelevantKnowledge\rlls64.dll
c:\program files (x86)\RelevantKnowledge\rloci.bin
c:\program files (x86)\RelevantKnowledge\rlph.dll
c:\program files (x86)\RelevantKnowledge\rlservice.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
c:\program files (x86)\RelevantKnowledge\rlvknlg64.exe
c:\program files (x86)\RelevantKnowledge\rlxf.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\Petr\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\SETB53E.tmp
c:\windows\SysWow64\SETB664.tmp
E:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-01 do 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 17:22 . 2012-06-01 17:22 -------- d-----w- C:\rsit
2012-06-01 17:22 . 2012-06-01 17:22 -------- d-----w- c:\program files\trend micro
2012-05-31 19:02 . 2012-05-31 19:02 -------- d-----w- c:\program files\CCleaner
2012-05-31 17:16 . 2012-05-08 16:21 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-31 17:16 . 2012-05-08 16:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-31 17:16 . 2012-05-08 16:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-05-31 17:16 . 2012-05-08 16:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-31 17:15 . 2012-05-31 17:15 -------- d-----w- c:\users\Petr\AppData\Roaming\TestApp
2012-05-31 17:02 . 2012-05-31 17:23 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2012-05-31 16:14 . 2012-05-31 18:36 -------- d-----w- c:\programdata\99058D9B00007C230003E1F3B4EB2367
2012-05-29 05:51 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E904F851-3177-4108-A52C-A19E9AEF4B08}\mpengine.dll
2012-05-28 06:40 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\program files (x86)\Common Files\Steinberg
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\program files\Common Files\VST3
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\users\Petr\AppData\Roaming\VST3 Presets
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-05-27 20:25 . 2012-02-09 09:13 2286768 ----a-w- c:\program files (x86)\Mozilla Firefox\Steinberg Cubase 6.5\Setup.exe
2012-05-27 20:24 . 2012-02-09 09:13 18626728 ----a-w- c:\program files (x86)\Mozilla Firefox\Steinberg Cubase 6.5\Additional Content\Copy Protection Driver\eLicenserControlSetup.exe
2012-05-22 06:05 . 2012-05-22 06:05 -------- d-----w- c:\programdata\ATI
2012-05-22 06:05 . 2012-05-22 06:05 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-22 06:05 . 2012-05-22 06:05 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-20 21:36 . 2012-05-20 21:38 -------- d-----w- c:\users\Petr\AppData\Local\SniperV2
2012-05-15 15:37 . 2012-05-15 15:37 -------- d-----w- c:\users\Petr\AppData\Roaming\ERGOM
2012-05-15 15:37 . 2012-05-15 15:37 -------- d-----w- c:\program files (x86)\Business Objects
2012-05-15 15:36 . 2012-05-15 15:36 -------- d-----w- c:\program files (x86)\Ergom
2012-05-13 18:46 . 2012-05-13 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 18:46 . 2012-05-13 18:46 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 15:02 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 15:02 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 15:02 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:02 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 15:02 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 15:02 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 14:58 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 14:57 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 14:57 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 14:57 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 14:57 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:57 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 14:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 09:40 . 2012-05-08 09:40 -------- d-----w- c:\program files (x86)\Cenega Czech
2012-05-08 09:40 . 2012-05-08 09:40 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-05-08 09:40 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-05-08 09:40 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-05-08 09:40 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-05-08 09:40 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-05-08 09:40 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-05-08 09:40 . 2012-05-08 09:40 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-05-05 13:49 . 2012-05-05 15:03 -------- d-----w- c:\program files (x86)\hpmonitor
2012-05-05 13:49 . 2012-05-05 13:49 237 ----a-w- C:\user.js
2012-05-05 13:49 . 2012-05-05 13:49 -------- d-----w- c:\users\Petr\AppData\Roaming\Babylon
2012-05-05 13:49 . 2012-05-05 13:49 -------- d-----w- c:\users\Petr\AppData\Local\Babylon
2012-05-05 13:49 . 2012-05-05 13:49 -------- d-----w- c:\programdata\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 17:00 . 2012-04-01 09:39 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 17:00 . 2011-11-18 17:38 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 19:44 . 2011-11-20 16:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-08 15:47 . 2012-05-31 17:16 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 15:47 . 2012-05-31 17:16 131 ----a-w- c:\windows\IDB.zip
2012-05-05 16:14 . 2012-04-01 10:14 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-11-25 13:57 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-18 13:40 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-11-25 13:40 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-11-25 13:16 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-10-12 19:29 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-10-12 19:29 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-28 20:11 . 2012-04-23 21:11 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-03-09 12:07 . 2012-03-09 12:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-11-20 09:11 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-20 09:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-20 09:11 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-11-20 09:11 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-20 09:11 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-11-20 09:11 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-20 09:11 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-20 09:11 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-5-4 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 RDID1047;DR-880;c:\windows\system32\Drivers\rdwm1047.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX264.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"combofix"="c:\combofix\CF5465.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: line6.net
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112037&babsrc=KW_ss&mntrId=248eacd20000000000008c89a55ab67a&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112037
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 248eacd20000000000008c89a55ab67a
FF - user.js: extensions.BabylonToolbar_i.hardId - 248eacd20000000000008c89a55ab67a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15465
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:49
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.5\uninstall.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1364372157-2533524082-1603163338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1364372157-2533524082-1603163338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Celkový čas: 2012-06-01 20:39:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-01 18:39
.
Před spuštěním: Volných bajtů: 30 866 120 704
Po spuštění: Volných bajtů: 30 355 255 296
.
- - End Of File - - D2689A7772F4D81DC2A0BC280183481F

Odinstalujte GridinSoft Trojan Killer

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "WinampAgent"=-
  "QuickTime Task"=-
  "SunJavaUpdateSched"=-
  
  File::
  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
  c:\windows\Tasks\Adobe Flash Player Updater.job
  
  Firefox::
  FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\
  FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
  FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112037 ... 55ab67a&q=
  FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112037
  FF - user.js: extensions.BabylonToolbar_i.babExt -
  FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
  FF - user.js: extensions.BabylonToolbar_i.id - 248eacd20000000000008c89a55ab67a
  FF - user.js: extensions.BabylonToolbar_i.hardId - 248eacd20000000000008c89a55ab67a
  FF - user.js: extensions.BabylonToolbar_i.instlDay - 15465
  FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
  FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
  FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:49
  FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
  FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
  FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
  FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
  FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
  FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
  
  RegLock::
  [HKEY_USERS\S-1-5-21-1364372157-2533524082-1603163338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
  [HKEY_USERS\S-1-5-21-1364372157-2533524082-1603163338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  
  Folder::
  c:\program files (x86)\GridinSoft Trojan Killer
  
  ClearJavaCache::
  
  Reboot::
  

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Provedeno..


ComboFix 12-06-01.02 - Petr 04.06.2012 22:49:11.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8172.6332 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GridinSoft Trojan Killer
c:\program files (x86)\GridinSoft Trojan Killer\logs\scan-2012-05-31 [19-23-36].log
c:\program files (x86)\GridinSoft Trojan Killer\logs\scan-2012-05-31 [19-25-39].log
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-04 do 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 20:51 . 2012-06-04 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 18:41 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BE8AAE3-0730-4DAC-AC90-F0142364CF64}\mpengine.dll
2012-06-01 17:22 . 2012-06-01 17:22 -------- d-----w- C:\rsit
2012-06-01 17:22 . 2012-06-01 17:22 -------- d-----w- c:\program files\trend micro
2012-05-31 19:02 . 2012-05-31 19:02 -------- d-----w- c:\program files\CCleaner
2012-05-31 17:16 . 2012-05-08 16:21 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-05-31 17:16 . 2012-05-08 16:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-05-31 17:16 . 2012-05-08 16:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-05-31 17:16 . 2012-05-08 16:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-05-31 17:15 . 2012-05-31 17:15 -------- d-----w- c:\users\Petr\AppData\Roaming\TestApp
2012-05-31 16:14 . 2012-05-31 18:36 -------- d-----w- c:\programdata\99058D9B00007C230003E1F3B4EB2367
2012-05-28 06:40 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\program files (x86)\Common Files\Steinberg
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\program files\Common Files\VST3
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\users\Petr\AppData\Roaming\VST3 Presets
2012-05-27 20:36 . 2012-05-27 20:36 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-05-27 20:25 . 2012-02-09 09:13 2286768 ----a-w- c:\program files (x86)\Mozilla Firefox\Steinberg Cubase 6.5\Setup.exe
2012-05-27 20:24 . 2012-02-09 09:13 18626728 ----a-w- c:\program files (x86)\Mozilla Firefox\Steinberg Cubase 6.5\Additional Content\Copy Protection Driver\eLicenserControlSetup.exe
2012-05-22 06:05 . 2012-05-22 06:05 -------- d-----w- c:\programdata\ATI
2012-05-22 06:05 . 2012-05-22 06:05 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-22 06:05 . 2012-05-22 06:05 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-20 21:36 . 2012-05-20 21:38 -------- d-----w- c:\users\Petr\AppData\Local\SniperV2
2012-05-15 15:37 . 2012-05-15 15:37 -------- d-----w- c:\users\Petr\AppData\Roaming\ERGOM
2012-05-15 15:37 . 2012-05-15 15:37 -------- d-----w- c:\program files (x86)\Business Objects
2012-05-15 15:36 . 2012-05-15 15:36 -------- d-----w- c:\program files (x86)\Ergom
2012-05-13 18:46 . 2012-05-13 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 18:46 . 2012-05-13 18:46 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 15:02 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 15:02 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 15:02 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:02 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 15:02 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 15:02 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 14:58 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 14:57 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 14:57 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 14:57 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 14:57 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:57 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 14:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 09:40 . 2012-05-08 09:40 -------- d-----w- c:\program files (x86)\Cenega Czech
2012-05-08 09:40 . 2012-05-08 09:40 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-05-08 09:40 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-05-08 09:40 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-05-08 09:40 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-05-08 09:40 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-05-08 09:40 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-05-08 09:40 . 2012-05-08 09:40 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 17:00 . 2012-04-01 09:39 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 17:00 . 2011-11-18 17:38 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 19:44 . 2011-11-20 16:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-08 15:47 . 2012-05-31 17:16 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 15:47 . 2012-05-31 17:16 131 ----a-w- c:\windows\IDB.zip
2012-05-05 16:14 . 2012-04-01 10:14 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-11-25 13:57 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-18 13:40 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-11-25 13:40 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-11-25 13:16 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-10-12 19:29 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-10-12 19:29 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-28 20:11 . 2012-04-23 21:11 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-03-26 20:00 . 2012-03-26 20:00 1227264 ----a-w- c:\windows\system32\L6DriverControlPanel.cpl
2012-03-26 20:00 . 2012-03-26 20:00 217600 ----a-w- c:\windows\system32\l6ux2_x64.dll
2012-03-26 20:00 . 2012-03-26 20:00 772224 ----a-w- c:\windows\system32\drivers\L6UX264.sys
2012-03-26 20:00 . 2012-03-26 20:00 180224 ----a-w- c:\windows\SysWow64\l6ux2.dll
2012-03-09 12:07 . 2012-03-09 12:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-11-20 09:11 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-20 09:11 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-20 09:11 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-11-20 09:11 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-20 09:11 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-11-20 09:11 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-20 09:11 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-01_18.37.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-04 20:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-01 17:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-01 17:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 20:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-04 16:49 69130 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-04 16:49 43556 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2012-06-01 19:26 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-05-27 20:25 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-11-18 19:48 . 2012-06-01 18:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 19:48 . 2012-06-03 10:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 19:48 . 2012-06-03 10:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-18 19:48 . 2012-06-01 18:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-01 18:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-03 10:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-04 16:12 92960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-18 13:30 . 2012-06-04 16:49 7266 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1364372157-2533524082-1603163338-1000_UserData.bin
- 2011-11-18 13:30 . 2012-06-01 17:19 7266 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1364372157-2533524082-1603163338-1000_UserData.bin
+ 2012-06-04 20:52 . 2012-06-04 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-01 18:37 . 2012-06-01 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-06-01 17:18 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 20:52 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-06-01 17:22 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-04 16:52 616032 c:\windows\system32\perfh009.dat
- 2011-04-12 08:34 . 2012-06-01 17:22 631276 c:\windows\system32\perfh005.dat
+ 2011-04-12 08:34 . 2012-06-04 16:52 631276 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-06-04 16:52 106412 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-01 17:22 106412 c:\windows\system32\perfc009.dat
+ 2011-04-12 08:34 . 2012-06-04 16:52 121930 c:\windows\system32\perfc005.dat
- 2011-04-12 08:34 . 2012-06-01 17:22 121930 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:30 . 2012-06-01 19:26 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-05-27 20:25 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-01 19:24 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-05-22 06:04 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-03-26 20:00 . 2012-03-26 20:00 217600 c:\windows\system32\DriverStore\FileRepository\toneport.inf_amd64_neutral_79f2fb82718bd483\l6tpux2_x64.dll
+ 2012-03-26 20:00 . 2012-03-26 20:00 180224 c:\windows\system32\DriverStore\FileRepository\toneport.inf_amd64_neutral_79f2fb82718bd483\l6tpux2.dll
+ 2012-03-26 20:00 . 2012-03-26 20:00 217600 c:\windows\system32\DriverStore\FileRepository\toneport.inf_amd64_neutral_79f2fb82718bd483\l6tpux1_x64.dll
+ 2012-03-26 20:00 . 2012-03-26 20:00 180224 c:\windows\system32\DriverStore\FileRepository\toneport.inf_amd64_neutral_79f2fb82718bd483\l6tpux1.dll
+ 2012-03-26 20:00 . 2012-03-26 20:00 772224 c:\windows\system32\DriverStore\FileRepository\toneport.inf_amd64_neutral_79f2fb82718bd483\L6TPortB64.sys
+ 2012-03-26 20:00 . 2012-03-26 20:00 772224 c:\windows\system32\DriverStore\FileRepository\toneport.inf_amd64_neutral_79f2fb82718bd483\L6TPortA64.sys
+ 2012-03-26 20:00 . 2012-03-26 20:00 772224 c:\windows\system32\DriverStore\FileRepository\l6ux2.inf_amd64_neutral_956c239ed10e99ec\L6UX264.sys
+ 2012-03-26 20:00 . 2012-03-26 20:00 217600 c:\windows\system32\DriverStore\FileRepository\l6ux2.inf_amd64_neutral_956c239ed10e99ec\l6ux2_x64.dll
+ 2012-03-26 20:00 . 2012-03-26 20:00 180224 c:\windows\system32\DriverStore\FileRepository\l6ux2.inf_amd64_neutral_956c239ed10e99ec\l6ux2.dll
+ 2012-03-26 20:00 . 2012-03-26 20:00 772224 c:\windows\system32\DriverStore\FileRepository\l6ux1.inf_amd64_neutral_63359eaf38265af1\L6UX164.sys
+ 2012-03-26 20:00 . 2012-03-26 20:00 217600 c:\windows\system32\DriverStore\FileRepository\l6ux1.inf_amd64_neutral_63359eaf38265af1\l6ux1_x64.dll
+ 2012-03-26 20:00 . 2012-03-26 20:00 180224 c:\windows\system32\DriverStore\FileRepository\l6ux1.inf_amd64_neutral_63359eaf38265af1\l6ux1.dll
- 2011-11-20 20:50 . 2012-06-01 18:36 146352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-20 20:50 . 2012-06-04 20:51 146352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-04 20:51 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-01 18:36 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-06-04 13:02 7226353 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-15 20:06 7226353 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 02:34 . 2012-06-04 08:50 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-11 05:09 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-18 18:12 . 2012-06-04 20:51 60482500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1364372157-2533524082-1603163338-1000-8192.dat
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 RDID1047;DR-880;c:\windows\system32\Drivers\rdwm1047.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX264.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: line6.net
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Celkový čas: 2012-06-04 22:53:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-04 20:53
ComboFix2.txt 2012-06-01 18:39
.
Před spuštěním: Volných bajtů: 31 143 378 944
Po spuštění: Volných bajtů: 30 910 001 152
.
- - End Of File - - 679CE65FE99E7E1945704BB5751C6C68

Jak se chova nas pacient

Vypadá to dobře.
Jen když zapnu Firefox tak trvá cca 3 sec. než naskočí záložky a jde psát do vyhledávače.Něco to brzdí.
Vzhledem k tomu, že mám ssd HD, tak je to otravné. Nicméně dá se s tím žít:)
Díky za pomoc.!

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s







Log číslo 2


OTL Extras logfile created on: 9.6.2012 22:44:27 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Petr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,46% Memory free
15,96 Gb Paging File | 13,96 Gb Available in Paging File | 87,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 28,63 Gb Free Space | 25,63% Space Free | Partition Type: NTFS
Drive D: | 2,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,83 Gb Total Space | 143,70 Gb Free Space | 30,85% Space Free | Partition Type: NTFS
Drive F: | 241,69 Gb Total Space | 43,00 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive G: | 223,99 Gb Total Space | 90,65 Gb Free Space | 40,47% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1364372157-2533524082-1603163338-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1228EE26-D676-4AD3-B4D6-44D8D1DD7D14}" = rport=10243 | protocol=6 | dir=out | app=system |
"{12B5CEC9-1482-439A-ABF5-0B6B9A7DA5A7}" = rport=445 | protocol=6 | dir=out | app=system |
"{130509C5-D422-4449-883F-3D58FED83E7E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23FB75A7-9304-4697-B954-132FCF713BB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{39574E4F-256C-4BF8-B02D-E9C9744897FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{396155B5-64C3-4A00-AD36-62842304BDFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44DE299E-E70F-4B31-8E14-A14D120931AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48DA3F3A-74A2-4692-9754-9672BD913938}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CF9C486-F9D5-43F0-9438-84A97B32236C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58ACE0E7-29FF-4736-8947-F7A0FDD1CEA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66DA05A2-FC4D-46A3-A053-2BB96FBBE277}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{68725DD1-E49B-44BA-A4F2-B24F4311CB3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D6625A2-649B-4C7B-B4E0-AF79586EFE7A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{710E9211-63DC-4132-ABEC-9C8886E4B9B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{71D743B3-E436-45F9-85C1-01F73A3488C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A88D206-D505-4104-9075-C4D663A3D400}" = lport=138 | protocol=17 | dir=in | app=system |
"{881148D7-9D81-4A5F-A0D9-A9CCAF63A089}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F1EA37B-EAC4-4926-956D-A752EE6CF0ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5266A2E-60CB-4057-AEF3-67A31185E717}" = rport=138 | protocol=17 | dir=out | app=system |
"{B654ABBB-60E0-4BA7-BC32-D7894C10C98D}" = rport=139 | protocol=6 | dir=out | app=system |
"{BEED7C9F-7F7B-44DE-A983-DA68BE0FDAC1}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7ED0C98-3216-4316-AB69-357C81694FBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9AB3812-8177-4D83-AC77-C04CE13CEE3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{E9B26C13-5945-4E27-BFBD-4D2251EA0ECF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F7365F5F-0A08-4775-943B-029890A5F7B2}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B7C088-E3D6-499B-B1DB-AA4A4F5118C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B16B885-D98B-469B-AC6F-6C4A445E548C}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{0F9EDF10-2CE8-47B9-8F75-7077756E788F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1210AD57-6FEC-4238-83BA-8D0CDFEE7F7D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{125F057F-2D6C-4BDA-896B-58E225551FFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19D3F49E-1B50-488E-BE21-14A903530B10}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1BC069CD-4431-4624-BD75-FB75B1D1C0DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F7E39E4-46FD-426B-8B28-FA755FF8B7FC}" = protocol=17 | dir=in | app=e:\hry\operations\redriver.exe |
"{23EB0419-BCEF-47D9-BF68-9A282517D1FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E7368CF-CC29-4AE6-9F5B-F9092882C17C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5787D6ED-AE73-4033-80D8-555725ED95BA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5D139260-5A2B-4BF0-AB3D-DB5E39BE6FC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D3C0848-CD62-4254-B8CB-7E71D05C37D9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5E24B186-319B-4ABB-85DC-1DC26C8C47F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62620BEC-37A8-4970-AC89-531B0CC30FD5}" = protocol=6 | dir=in | app=e:\hry\operations\redriver.exe |
"{665A6AB3-E079-4CFD-9D1F-2C233CD462F2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{667050AD-EBDA-46BA-88F1-94B3B6084B32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72192368-5AD5-4C7C-BC1E-8ADFD5CCDD21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DE25D4B-B183-4899-9410-5E21F353EA33}" = protocol=6 | dir=in | app=e:\hry\operations\redriverlauncher.exe |
"{86F24D4F-D446-4285-9756-CDDCB98215B1}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9B2FD791-7C51-4832-9DFE-0E297E15BB24}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E83C7D7-4284-471E-B73D-E6BB1DFE5E00}" = protocol=6 | dir=in | app=e:\hry\microsoft flight\flight.exe |
"{A5AD8B7F-B251-49AC-85AD-EC736AB1AED7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A816BBD7-A5AE-4002-AF58-DEBE8F7FB645}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9C0F793-6E90-440B-87D2-063AA9DF40AA}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B4022465-2754-4C90-BD80-22F70DB2442A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5C4413B-A505-4A46-B6C0-4BD0AE6C3EEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B8304A6E-8BD5-48F9-99E9-C99A99BE686F}" = protocol=17 | dir=in | app=e:\hry\microsoft flight\flight.exe |
"{C58EF68B-2AA6-4888-B8C9-D73DB36ADF36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8094724-E852-4327-AF11-BBA159395829}" = protocol=17 | dir=in | app=e:\hry\operations\redriverlauncher.exe |
"{CE355AEA-54C4-4C0A-9872-B4C6159B9C80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8FB508A-2455-4216-A0E4-07728A7E0175}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{EB2D334D-DF2C-4123-BEF3-3C1F5674C1AD}" = protocol=6 | dir=out | app=system |
"{EBFAA090-C1EC-4EEE-8DF4-BD1B4B007696}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F4F53CB2-1ABD-49F3-89BB-89970CFC78A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7680422-962A-4AA2-86FF-BC2CECC3AD90}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"TCP Query User{111010DA-301E-49E9-9710-C0D8A8A39E69}F:\rfactor 2\core\rfactor2.exe" = protocol=6 | dir=in | app=f:\rfactor 2\core\rfactor2.exe |
"TCP Query User{1A830268-D408-4C09-B729-4E8D653BA29C}E:\hry\vitcong new\vietcong.exe" = protocol=6 | dir=in | app=e:\hry\vitcong new\vietcong.exe |
"TCP Query User{2BA9F611-65D9-45D1-A8D2-AFAC2EE2C7DA}E:\hry\call iii\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=e:\hry\call iii\call of duty- modern warfare 3\iw5mp_server.exe |
"TCP Query User{2D3741B8-38D0-455F-B6C6-25AA3BF81B0A}E:\hry\call iii\call of duty- modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=e:\hry\call iii\call of duty- modern warfare 3\iw5sp.exe |
"TCP Query User{3FD23263-36D9-4FE8-9539-FF00E48956E8}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe |
"TCP Query User{62C96F28-CC47-483A-9E75-B104C797A93D}E:\hry\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=e:\hry\crysis 2\bin32\crysis2.exe |
"TCP Query User{6E56FE73-E203-46A9-A2E9-9F1CC2EB9C25}E:\hry\vietcong\vietcong.exe" = protocol=6 | dir=in | app=e:\hry\vietcong\vietcong.exe |
"TCP Query User{85C96DDF-3F0B-42F9-B25F-1CA99C6D1378}C:\program files (x86)\cenega czech\vietcong\vietcong.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cenega czech\vietcong\vietcong.exe |
"TCP Query User{9185E985-3005-4F6E-81BD-5F6A30A5AD7F}G:\vietcong\vietcong.exe" = protocol=6 | dir=in | app=g:\vietcong\vietcong.exe |
"TCP Query User{94467E42-ABE0-40AF-9EE3-7B3EFC5A55D1}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe |
"TCP Query User{ABC40167-442A-4A05-BB43-159E479BA7DD}E:\hudba\cubase 6\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=e:\hudba\cubase 6\components\vstbridgeapp.exe |
"TCP Query User{B5015550-6041-429E-9A5A-64BB47EAE9FD}C:\rfactor\rfactor.exe" = protocol=6 | dir=in | app=c:\rfactor\rfactor.exe |
"TCP Query User{CFB8B180-ECFC-40EC-84A7-BB2AFBFB58E9}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{DF26AC8D-56B5-41AE-AFD6-30E0D7BC3D91}C:\program files (x86)\g3torrent\g3torrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g3torrent\g3torrent.exe |
"TCP Query User{E010AD64-CF32-47C4-8C9A-B33B1E3E2724}G:\vietcong\vcded.exe" = protocol=6 | dir=in | app=g:\vietcong\vcded.exe |
"TCP Query User{F1300933-D578-48A8-8AAA-7A1181430E70}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"TCP Query User{F8EED3BB-22D8-458F-BC8C-5E7D74B78607}E:\hudba\cubase 6\cubase6.exe" = protocol=6 | dir=in | app=e:\hudba\cubase 6\cubase6.exe |
"UDP Query User{1E7C8AEC-8A4D-423C-BEFF-391DCD6C601E}E:\hry\vitcong new\vietcong.exe" = protocol=17 | dir=in | app=e:\hry\vitcong new\vietcong.exe |
"UDP Query User{27B58247-6D59-4214-A6D4-6B0153CFBCD5}E:\hudba\cubase 6\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=e:\hudba\cubase 6\components\vstbridgeapp.exe |
"UDP Query User{2A3F382A-EAFB-409B-B318-0F670D75439D}E:\hry\call iii\call of duty- modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=e:\hry\call iii\call of duty- modern warfare 3\iw5sp.exe |
"UDP Query User{3B1E5F5E-F658-4AE7-8C52-12AF21CCF329}C:\program files (x86)\cenega czech\vietcong\vietcong.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cenega czech\vietcong\vietcong.exe |
"UDP Query User{4264A519-10BC-4984-9062-2C1C765B6DD4}G:\vietcong\vietcong.exe" = protocol=17 | dir=in | app=g:\vietcong\vietcong.exe |
"UDP Query User{4D9CFB6B-B0AE-4C50-85D3-CE9EB5EDDF6A}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe |
"UDP Query User{54598875-EF81-4ECC-B41B-4CDF3F2B519F}F:\rfactor 2\core\rfactor2.exe" = protocol=17 | dir=in | app=f:\rfactor 2\core\rfactor2.exe |
"UDP Query User{72B4E9FC-C4D2-4B64-A662-6ABD5226C3DA}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe |
"UDP Query User{7411EE8E-AE62-458D-807C-D74CE5203FC0}G:\vietcong\vcded.exe" = protocol=17 | dir=in | app=g:\vietcong\vcded.exe |
"UDP Query User{88196AA1-83D2-4140-A8F4-091D54007511}C:\rfactor\rfactor.exe" = protocol=17 | dir=in | app=c:\rfactor\rfactor.exe |
"UDP Query User{91EA9D93-6A7C-4BC7-8B09-C6CBDD98EC69}E:\hry\vietcong\vietcong.exe" = protocol=17 | dir=in | app=e:\hry\vietcong\vietcong.exe |
"UDP Query User{A80C1AA7-2142-4A40-AFD1-E9F5384707FC}E:\hry\call iii\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=e:\hry\call iii\call of duty- modern warfare 3\iw5mp_server.exe |
"UDP Query User{ADFE381E-C42A-4070-8445-91AD336C8CA9}C:\program files (x86)\g3torrent\g3torrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g3torrent\g3torrent.exe |
"UDP Query User{D6F6D57B-3EED-4149-BC31-81FD050E5747}E:\hry\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=e:\hry\crysis 2\bin32\crysis2.exe |
"UDP Query User{E0A5C471-20D3-4F10-9AA5-D6F3F9455A86}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"UDP Query User{F63C6489-98F4-4D09-8259-CBBA9557F039}E:\hudba\cubase 6\cubase6.exe" = protocol=17 | dir=in | app=e:\hudba\cubase 6\cubase6.exe |
"UDP Query User{FA07806C-12C0-4F56-B250-25728A14CD24}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{42976FDB-5756-4077-A491-095F228E99E2}" = MAGIX Low Latency Driver (64-Bit)
"{49146694-5F5F-4B1F-AD15-6587F47A0FD7}" = MAGIX Burn routines (64-Bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D65ECE6-131D-4B5F-8470-2750D3161619}" = Steinberg Retrologue 64bit
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75F15019-C0C2-4047-AA45-97B4BD313719}" = Steinberg Padshop 64bit
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900A29A0-52BA-4a78-8E6C-5F4F821397CE}" = Canon MF4010 Series
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B392B30E-40A5-8E20-7A98-833C66F84407}" = ATI AVIVO64 Codecs
"{B99C316B-C135-43B5-8E77-2BC5E241F964}" = Steinberg HALion Sonic SE 64bit
"{C6651CD0-4892-4465-96AC-C9864A695FF9}" = Steinberg Cubase 6 64bit
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"RolandRDID0047" = DR-880 Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10B43A43-FF73-47FD-83E8-A503E84F9ED6}" = OpenOffice.org 3.3
"{1312306D-F0A5-4B64-BA34-AC6169A3A098}" = Steinberg HALion Symphonic Orchestra VST Sound Instrument Set
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50494D8C-74ED-44F1-AA9B-E6D53FC4C1C8}" = Samplitude Pro X Suite Download Version
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884D5BD0-13F2-8744-BE54-43BC21DFA06A}" = HydraVision
"{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}" = Steinberg Upload Manager
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
"{8ADE1C0F-CC4B-46CC-92E2-855B6E39BD2A}" = WRC 2 FIA World Rally Championship
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92C7D009-A464-4948-A980-7A3E28CB2F49}_is1" = Richard Burns Rally
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Czech
"{AF9925DD-B191-3AF2-80DA-52D0E6F30B3E}" = Samplitude Pro X Soundloop Addon 1 for Samplitude Pro X Suite Download Version
"{B1370260-CCF7-483A-ACA0-58C353619467}" = Day Organizer, ver. 2.2.1.2
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DCF5C463-BD5C-4982-91F9-2C3F8F9E9C88}" = Vietcong & Vietcong: Fist Alpha
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E46A4CD8-C1E8-40EB-A69D-D3977319731F}" = MAGIX Speed burnR (MSI)
"{E4BB976A-A6E5-49A4-9885-A58B519C2705}" = WRC 2 FIA World Rally Championship
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"2HCS Fakturace 3_is1" = 2HCS Fakturace v. 3.7.201
"2HCS Fakturace upgrade_is1" = 2HCS Fakturace v.3.7.257 - upgrade
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"avast" = avast! Free Antivirus
"Browser Defender_is1" = Browser Guard 4.0
"BSPlayerf" = BS.Player FREE
"CodInstl" = Intel A/V Codecs V2.0
"Convert WAV To MP3_is1" = Convert WAV To MP3 1.0
"eLicenser Control" = eLicenser Control
"facemoods" = Facemoods Toolbar
"g3torrent" = G3 Torrent
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"KeolabSpicyGuitar_is1" = Spicy Guitar 1.2.0.1
"Line 6 Uninstaller" = Line 6 Uninstaller
"MAGIX music studio 7" = MAGIX music studio 7
"MAGIX_MSI_SamProX_Suite" = Samplitude Pro X Suite Download Version
"Mozilla Firefox 8.0 (x86 cs)" = Mozilla Firefox 8.0 (x86 cs)
"Plus500" = Plus500
"rFactor" = rFactor (remove only)
"rFactor2" = rFactor2
"RfcClient" = rFactorCentral Client 1.04
"Sniper Elite V2_is1" = Sniper Elite V2
"Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
"TC-Helicon VoiceSupport_is1" = VoiceSupport 1.1.00
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1364372157-2533524082-1603163338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mod VFR F1 2012" = Mod VFR F1 2012
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7.6.2012 6:44:07 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 7.6.2012 11:47:03 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 7.6.2012 13:07:32 | Computer Name = Petr-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro f:\rfactor 2\Core\ModMgr.exe se nezdařilo.
Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná aplikací
je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní součásti:
Součást
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8.6.2012 2:33:03 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.6.2012 5:47:32 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.6.2012 13:04:37 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.6.2012 13:54:00 | Computer Name = Petr-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro f:\rfactor 2\Core\ModMgr.exe se nezdařilo.
Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná aplikací
je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní součásti:
Součást
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9.6.2012 2:28:11 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 9.6.2012 3:10:37 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 9.6.2012 5:50:14 | Computer Name = Petr-PC | Source = SideBySide | ID = 16842832
Description = Generování kontextu aktivace pro f:\rfactor 2\Core\ModMgr.exe se nezdařilo.
Chyba v souboru manifestu nebo zásad na řádku . Verze součásti požadovaná aplikací
je v konfliktu s jinou verzí součásti, která je již aktivní. Konfliktní součásti:
Součást
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9.6.2012 10:41:07 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

Error - 9.6.2012 15:44:47 | Computer Name = Petr-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 16.12.2011 11:20:14 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 16:20:14 - Chyba při připojování k Internetu 16:20:14 - Nelze kontaktovat
server..

Error - 16.12.2011 11:20:45 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 16:20:43 - Chyba při připojování k Internetu 16:20:43 - Nelze kontaktovat
server..

Error - 25.1.2012 10:02:03 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 15:02:03 - Chyba při připojování k Internetu 15:02:03 - Nelze kontaktovat
server..

Error - 25.1.2012 10:02:34 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 15:02:32 - Chyba při připojování k Internetu 15:02:32 - Nelze kontaktovat
server..

Error - 13.2.2012 10:33:51 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 15:33:51 - Chyba při připojování k Internetu 15:33:51 - Nelze kontaktovat
server..

Error - 13.2.2012 10:34:22 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 15:34:20 - Chyba při připojování k Internetu 15:34:20 - Nelze kontaktovat
server..

Error - 13.2.2012 11:35:04 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 16:35:04 - Chyba při připojování k Internetu 16:35:04 - Nelze kontaktovat
server..

Error - 13.2.2012 11:35:34 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 16:35:34 - Chyba při připojování k Internetu 16:35:34 - Nelze kontaktovat
server..

Error - 13.2.2012 12:36:16 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 17:36:16 - Chyba při připojování k Internetu 17:36:16 - Nelze kontaktovat
server..

Error - 13.2.2012 12:36:46 | Computer Name = Petr-PC | Source = MCUpdate | ID = 0
Description = 17:36:46 - Chyba při připojování k Internetu 17:36:46 - Nelze kontaktovat
server..

[ System Events ]
Error - 7.6.2012 11:45:20 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 8.6.2012 2:31:19 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 8.6.2012 2:46:05 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 8.6.2012 5:45:49 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 8.6.2012 13:02:53 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 9.6.2012 2:26:27 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 9.6.2012 3:08:55 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 9.6.2012 10:39:26 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv

Error - 9.6.2012 13:00:52 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7043
Description = Služba Klient zásad skupiny se po přijetí pokynu pro vypnutí neukončila
správně.

Error - 9.6.2012 15:43:04 | Computer Name = Petr-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: luafv


< End of report >

Poprosim o log s nazvem OTL.txt

Tady to je.



OTL logfile created on: 9.6.2012 22:44:27 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Petr\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,46% Memory free
15,96 Gb Paging File | 13,96 Gb Available in Paging File | 87,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 28,63 Gb Free Space | 25,63% Space Free | Partition Type: NTFS
Drive D: | 2,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,83 Gb Total Space | 143,70 Gb Free Space | 30,85% Space Free | Partition Type: NTFS
Drive F: | 241,69 Gb Total Space | 43,00 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive G: | 223,99 Gb Total Space | 90,65 Gb Free Space | 40,47% Space Free | Partition Type: NTFS

Computer Name: PETR-PC | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.06.09 22:42:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
PRC - [2012.05.08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.05 09:07:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.22 06:19:12 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 06:19:08 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.17 20:01:18 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 20:01:18 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.25 22:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.05 18:14:26 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011.11.20 18:49:25 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.05 09:07:55 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.11.25 22:30:30 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\hydracsy.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.06.01 19:00:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012.05.11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012.05.08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.03.01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.02.22 06:19:12 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.22 06:19:08 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012.05.08 18:21:48 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012.04.23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.26 22:00:22 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L6UX264.sys -- (L6UX2)
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.05 13:57:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.17 14:27:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:64bit: - [2010.04.27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 17:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.09.18 02:13:00 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1047.sys -- (RDID1047)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 89a55ab67a
IE - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\..\SearchScopes\{A7CA6E0B-81C6-413D-B787-06F020D251DD}: "URL" = http://www.bing.com/search?FORM=WLETDF& ... -SearchBox
IE - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.05.28 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012.05.31 19:16:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.16 08:33:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.31 18:20:28 | 000,000,000 | ---D | M]

[2011.11.18 19:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Extensions
[2012.06.09 17:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\extensions
[2011.11.18 19:36:06 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.11.20 17:50:27 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\extensions\DefaultManager@Microsoft
[2012.05.05 15:49:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\extensions\ffxtlbr@babylon.com
[2011.12.22 10:35:01 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\extensions\ffxtlbr@Facemoods.com
[2012.06.09 17:15:04 | 000,003,915 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\searchplugins\sweetim.xml
[2012.05.31 21:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.20 18:49:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.05.31 21:44:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.11.18 19:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.11.18 19:35:56 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.05.28 08:40:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.11.05 09:07:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.31 21:44:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.05.05 15:49:39 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.22 10:35:07 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.11.05 06:51:00 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2011.11.05 06:51:00 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.11.05 06:51:00 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2011.11.05 06:51:00 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.11.05 06:51:00 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.06.04 22:52:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1364372157-2533524082-1603163338-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA4765BB-A427-4D4A-980F-4334CF269436}: DhcpNameServer = 213.46.172.36 192.168.0.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.04.19 09:39:46 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005.10.04 13:18:17 | 000,217,564 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2005.02.08 14:25:10 | 001,053,696 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.07.20 23:20:57 | 000,000,000 | ---D | M] - E:\Auto 2011 -- [ NTFS ]
O32 - AutoRun File - [2011.09.19 21:24:25 | 000,000,000 | ---D | M] - E:\Autorádio záloha -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.g723 - g723.acm File not found
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.I263 - C:\Windows\SysWow64\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i263_32.drv (Intel Corporation)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.11.20 17:50:17 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{668A3097-0FEC-46C2-9DCD-E6FBAAEEB2B9}
[2012.11.20 17:50:06 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{EE2F817F-D13B-4865-86C9-C5561F6024BE}
[2012.11.20 17:50:06 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{6C13AA57-940A-4169-ACD4-373B9A6D411C}
[2012.06.09 22:42:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2012.06.09 22:41:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.09 17:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.06.09 17:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\OptimizerPro
[2012.06.09 17:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.06.09 10:49:58 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{C76A6463-4B34-40B6-B017-181048705B02}
[2012.06.09 10:49:37 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{DF705B8A-4EFD-4AE4-BD68-3C097182FB95}
[2012.06.09 08:28:07 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{5BFBC159-B294-4C49-92F0-95EA2EB7A79F}
[2012.06.08 23:12:36 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{44B7694D-FF7A-4C5B-AFB2-B0C07F51F9AF}
[2012.06.08 22:34:40 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{9E66DDE6-5E90-4199-89B6-819995690FF6}
[2012.06.08 08:36:21 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{D727639F-D018-4F46-8F16-0A379E4CE4CF}
[2012.06.08 08:35:59 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{6B297409-89C0-4920-849E-584DEE34E81F}
[2012.06.07 18:41:56 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{43A4F70E-0A39-463E-BA41-F525F6C19127}
[2012.06.07 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{44484E80-717A-400A-AB40-67E8FA7B660A}
[2012.06.07 17:45:57 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{A83BBB21-D95A-49A9-9EB9-D15E3E7C58A5}
[2012.06.07 17:45:46 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{436575CB-B4DB-4F69-92BD-26140B172E27}
[2012.06.07 04:27:33 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{14C15C5C-8D39-457B-AD11-6520D6E4449A}
[2012.06.07 04:27:22 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{62A19E8C-F52F-40C3-98BA-94785350C6DC}
[2012.06.06 14:07:30 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{84554AB1-6C58-4ECE-AF39-C27057017C76}
[2012.06.06 14:07:19 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{8F4F592E-E187-4CD5-BE7E-BA7C490D90E0}
[2012.06.05 20:56:59 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{30C77FB2-7F52-4F4B-BEEF-60A7BF28C86A}
[2012.06.05 20:56:37 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{0C9F771C-C8A6-43BF-8511-CC626A812C6C}
[2012.06.05 20:38:23 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{D34F972E-37DB-4AE9-A1FF-5FEF7EA8DC6D}
[2012.06.05 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vietcong
[2012.06.05 08:35:28 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{E576127B-FCA0-47F3-82C6-D2B2903A5DEA}
[2012.06.05 08:35:06 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{2555FC0E-31E7-4112-A37C-E83E1AB77C87}
[2012.06.04 22:52:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.06.04 21:40:02 | 000,000,000 | ---D | C] -- C:\Users\Petr\Desktop\Porovnání _ MALL.CZ_soubory
[2012.06.04 15:03:35 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{7FF7AF8C-2AB7-4ABC-B880-4FB7C5E92F44}
[2012.06.04 15:03:24 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{753F9BEA-C4F0-4A63-B32F-984F048F5E94}
[2012.06.04 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{F0C47AEA-7B81-45E6-BB4F-845B9E88E6CA}
[2012.06.04 09:35:31 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{39099DD4-875E-4AA4-8E24-9058088773D1}
[2012.06.04 09:18:34 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{F94718B2-EE50-40DA-9B24-3AB49B816645}
[2012.06.04 08:11:22 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{BC87DCF3-0E76-4048-B415-22CA2E57BEB3}
[2012.06.03 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{09E99BBB-97F1-4780-A27B-B159D0047B4C}
[2012.06.03 10:27:05 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{553A2B38-95B8-4703-8D4D-05E3E1E7A83C}
[2012.06.03 10:26:53 | 000,000,000 | ---D | C] -- C:\Users\Petr\AppData\Local\{EE2D333A-79A2-465D-9F0F-16000825D1B0}

========== Files - Modified Within 7 Days ==========

[2012.06.09 22:45:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.09 22:42:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Petr\Desktop\OTL.exe
[2012.06.09 21:50:07 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 21:50:07 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 21:47:22 | 001,470,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.09 21:47:22 | 000,631,276 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.06.09 21:47:22 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.09 21:47:22 | 000,121,930 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.06.09 21:47:22 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.09 21:43:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.09 21:42:55 | 2131,455,999 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.09 17:16:38 | 000,001,332 | ---- | M] () -- C:\Users\Petr\Desktop\F1 2012 Silverstone.rar
[2012.06.09 17:14:59 | 000,000,248 | ---- | M] () -- C:\Users\Petr\Desktop\SweetPcFix.url
[2012.06.08 19:12:50 | 000,015,510 | ---- | M] () -- C:\Users\Petr\Desktop\Tržby.ods
[2012.06.05 14:36:07 | 000,000,489 | ---- | M] () -- C:\Users\Public\Desktop\Vietcong - Fist Alpha.lnk
[2012.06.05 14:36:07 | 000,000,455 | ---- | M] () -- C:\Users\Public\Desktop\Vietcong.lnk
[2012.06.04 22:52:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.04 21:40:03 | 000,145,176 | ---- | M] () -- C:\Users\Petr\Desktop\Porovnání _ MALL.CZ.htm

========== Files Created - No Company Name ==========

[2012.06.09 22:45:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.06.09 17:16:38 | 000,001,332 | ---- | C] () -- C:\Users\Petr\Desktop\F1 2012 Silverstone.rar
[2012.06.09 17:14:59 | 000,000,248 | ---- | C] () -- C:\Users\Petr\Desktop\SweetPcFix.url
[2012.06.05 14:36:07 | 000,000,489 | ---- | C] () -- C:\Users\Public\Desktop\Vietcong - Fist Alpha.lnk
[2012.06.05 14:36:07 | 000,000,455 | ---- | C] () -- C:\Users\Public\Desktop\Vietcong.lnk
[2012.06.04 21:40:02 | 000,145,176 | ---- | C] () -- C:\Users\Petr\Desktop\Porovnání _ MALL.CZ.htm
[2012.06.01 20:33:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.01 20:33:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.01 20:33:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.01 20:33:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.01 20:33:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.31 19:16:55 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.09 23:20:37 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.04 14:18:40 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012.01.04 14:17:24 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012.01.04 14:17:24 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.12.18 18:41:08 | 000,000,848 | ---- | C] () -- C:\Users\Petr\AppData\Local\SRDownloader(2).nast
[2011.12.18 18:41:02 | 000,000,138 | ---- | C] () -- C:\Users\Petr\AppData\Local\SRDownloader(2).err
[2011.12.10 14:57:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011.12.10 14:57:30 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.12.10 14:56:55 | 000,000,603 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.12.10 14:56:55 | 000,000,071 | ---- | C] () -- C:\Windows\magix.ini
[2011.11.20 19:46:57 | 000,000,358 | ---- | C] () -- C:\Windows\GearBox.ini
[2011.11.20 13:28:40 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\mejlovani.dll
[2011.11.18 15:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012.01.14 13:12:31 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\.rFactor
[2011.11.20 13:28:45 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\2hcs
[2012.05.05 15:49:38 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Babylon
[2011.12.05 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\BlackBean
[2012.04.15 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\BSplayer
[2012.04.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\BSplayer Pro
[2012.05.31 21:04:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
[2012.05.15 17:37:17 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\ERGOM
[2011.11.18 19:42:44 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\GHISLER
[2011.12.25 01:55:00 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Keolab
[2011.12.06 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Line 6
[2011.12.22 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\MAGIX
[2011.11.18 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\MAXON
[2011.11.20 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\OpenOffice.org
[2012.01.02 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\RfcClient
[2012.04.23 23:12:27 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Samsung
[2012.06.02 22:31:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Steinberg
[2011.12.06 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TC-Helicon
[2012.05.31 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TestApp
[2012.05.31 21:04:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Vso
[2012.05.27 22:36:22 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\VST3 Presets
[2011.11.21 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Windows Live Writer
[2012.06.01 22:28:23 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2012.05.31 19:00:15 | 026,853,544 | ---- | M] (GridinSoft LLC) MD5=DF8C9F3E660B89F9FBA6DA2244BAF9AC -- C:\Users\Petr\Downloads\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< >

< %systemroot%*.* /U /s >
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\{AF9925DD-B191-3AF2-80DA-52D0E6F30B3E}\*.tmp files -> C:\Windows\Installer\{AF9925DD-B191-3AF2-80DA-52D0E6F30B3E}\*.tmp -> ]
[24 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.01.14 13:12:31 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\.rFactor
[2011.11.20 13:28:45 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\2hcs
[2012.05.04 17:03:09 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Adobe
[2012.01.04 21:44:18 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Apple Computer
[2011.11.18 15:41:55 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\ATI
[2012.05.05 15:49:38 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Babylon
[2011.12.05 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\BlackBean
[2012.04.15 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\BSplayer
[2012.04.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\BSplayer Pro
[2011.12.20 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\CyberLink
[2012.05.31 21:04:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
[2012.05.15 17:37:17 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\ERGOM
[2011.11.18 19:42:44 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\GHISLER
[2011.11.18 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Identities
[2012.03.09 23:18:53 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\InstallShield
[2011.12.25 01:55:00 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Keolab
[2011.12.06 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Line 6
[2011.11.18 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Macromedia
[2011.12.22 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\MAGIX
[2011.11.18 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\MAXON
[2011.04.12 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Media Center Programs
[2012.04.23 23:18:01 | 000,000,000 | --SD | M] -- C:\Users\Petr\AppData\Roaming\Microsoft
[2011.11.18 19:36:06 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Mozilla
[2011.11.20 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\OpenOffice.org
[2012.01.02 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\RfcClient
[2012.04.23 23:12:27 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Samsung
[2012.06.02 22:31:54 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Steinberg
[2011.12.06 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TC-Helicon
[2012.05.31 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\TestApp
[2012.05.31 21:04:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Vso
[2012.05.27 22:36:22 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\VST3 Presets
[2012.05.31 21:04:23 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Winamp
[2011.11.21 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\Windows Live Writer
[2011.12.05 12:43:18 | 000,000,000 | ---D | M] -- C:\Users\Petr\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Petr\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2012.05.15 17:36:59 | 000,004,846 | R--- | M] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{B1370260-CCF7-483A-ACA0-58C353619467}\_17BCF08247AB9A6A3A49DF.exe
[2012.05.15 17:36:59 | 000,004,846 | R--- | M] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{B1370260-CCF7-483A-ACA0-58C353619467}\_1F8832B63E666662C07F19.exe
[2012.05.15 17:36:59 | 000,105,489 | R--- | M] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{B1370260-CCF7-483A-ACA0-58C353619467}\_6FEFF9B68218417F98F549.exe
[2012.05.15 17:36:59 | 000,105,489 | R--- | M] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{B1370260-CCF7-483A-ACA0-58C353619467}\_861DD69666754F251C2C2D.exe
[2012.05.15 17:36:59 | 000,105,489 | R--- | M] () -- C:\Users\Petr\AppData\Roaming\Microsoft\Installer\{B1370260-CCF7-483A-ACA0-58C353619467}\_8CC529B1312CCABDE5FD57.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.06.09 21:45:05 | 000,000,000 | ---- | M] () -- C:\Windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.21 05:24:51 | 001,475,584 | ---- | M] (Microsoft Corporation)
"HydraVisionDesktopManager" = "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" -- [2010.11.25 22:31:10 | 000,393,216 | ---- | M] (AMD)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2011.11.05 09:07:55 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=4CB4054659ABEEEF925B153E2290E634 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2011.11.18 15:53:03 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.06.09 22:45:42 | 000,000,512 | ---- | M] () MD5=3AC1C98B0A80BB8D966030D3722D3432 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.12.22 10:37:25 | 000,004,328 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\CrackedCom.class

< *keygen* /s >

< *loader* /s >
[2002.09.25 21:05:38 | 000,113,664 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2011.02.25 14:32:02 | 000,214,528 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.exe
[2011.02.25 13:49:26 | 000,743,728 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.jar
[2011.12.28 21:34:21 | 000,267,003 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloader.log
[2010.12.15 14:59:32 | 000,218,816 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloaderBETA.exe
[2010.12.15 14:59:32 | 000,218,816 | ---- | M] () -- \Program Files (x86)\JDownloader\JDownloaderD3D.exe
[2011.12.22 10:36:01 | 000,001,010 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\img\favicons\jdownloader.org.png
[2011.12.22 10:36:29 | 000,007,073 | ---- | M] () -- \Program Files (x86)\JDownloader\jd\plugins\hoster\UploaderPl.class
[2011.02.25 13:49:46 | 000,032,222 | ---- | M] () -- \Program Files (x86)\JDownloader\licenses\jdownloader.license
[2011.03.28 12:21:20 | 000,005,987 | ---- | M] () -- \Program Files (x86)\Microsoft\BingBar\scripts\io\downloader.js
[2009.05.31 04:21:00 | 000,071,008 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2009.05.31 04:21:00 | 000,073,568 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2011.01.17 17:21:04 | 000,006,263 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.py
[2011.11.20 18:49:24 | 000,021,504 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2011.01.17 20:07:52 | 000,000,171 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2011.11.20 18:49:25 | 000,029,184 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2010.11.19 13:24:20 | 000,003,689 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\java\unoloader.jar
[2012.05.11 11:13:48 | 000,364,472 | ---- | M] () -- \Program Files (x86)\PC Tools\PC Tools Security\sdloader.exe
[2011.12.22 10:35:16 | 000,000,362 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk
[2011.12.22 10:35:16 | 000,001,140 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader.lnk
[2011.12.22 10:35:16 | 000,001,115 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk
[2012.05.04 17:00:44 | 000,001,365 | ---- | M] () -- \Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.vir
[2011.12.22 10:35:16 | 000,000,362 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk
[2011.12.22 10:35:16 | 000,001,140 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader.lnk
[2011.12.22 10:35:16 | 000,001,115 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk
[2011.12.18 18:41:02 | 000,000,138 | ---- | M] () -- \Users\Petr\AppData\Local\SRDownloader(2).err
[2011.12.18 18:41:34 | 000,000,848 | ---- | M] () -- \Users\Petr\AppData\Local\SRDownloader(2).nast
[2010.11.24 20:07:22 | 000,001,069 | ---- | M] () -- \Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g7cjhwie.default\extensions\ffxtlbr@Facemoods.com\content\Loader.js
[2011.12.22 10:35:16 | 000,001,040 | ---- | M] () -- \Users\Public\Desktop\JDownloader.lnk
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.04.12 10:34:35 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2011.04.12 10:34:35 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2011.04.12 10:34:35 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2011.04.12 10:34:35 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2011.04.12 10:34:35 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2011.11.18 15:50:15 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.11.18 15:50:15 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.11.18 15:50:15 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.11.18 15:50:15 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.11.18 15:50:15 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2011.04.12 10:33:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >