Malicious programs

Posted: 24 Sep 2012 22:25
by xPajas
Hello,

I have a new notebook from Asus with a preinstalled OS, and there is a lot of junk installed on it. At first I started deleting these programs, and along with them various keyboard functions got deleted, explorer.exe broke, etc. It seems to me that the notebook is constantly communicating with some servers, which slows down my internet, and I get slow response times. I'm sending a log and would need advice on what I could delete and what not. Thanks in advance.

http://leteckaposta.cz/978660599

Re: Malicious programs

Posted: 25 Sep 2012 17:21
by Rudy
Hello to you too!
Either put the log directly into a post on the forum, or pack it in a different format. I can't open this with WinRAR.

Re: Malicious programs

Posted: 28 Sep 2012 23:23
by xPajas
I use 7zip, here is the log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2012-09-24 21:51:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 7 GB (3%) free of 191 GB
Total RAM: 8097 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:51:23, on 24.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: BitTorrentControl_v12 - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2563066766-1230321987-857231328-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2563066766-1230321987-857231328-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: CyberLink Product - 2012/08/23 20:15:54 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15591 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2563066766-1230321987-857231328-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2563066766-1230321987-857231328-1001UA.job
C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\0habdb41.default

"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"=C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\ZEON/PDF,version=2.0]
"Description"=
"Path"=C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17 185680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-18 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
BitTorrentControl_v12 Toolbar - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17 234832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-18 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - BitTorrentControl_v12 Toolbar - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-13 2018032]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]
"FLxHCIm"=C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-02-25 40448]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [2010-07-10 984400]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]
"SessionLogon"=C:\ExpressGateUtil\SessionLogon.exe []
"VAWinAgent"=C:\ExpressGateUtil\VAWinAgent.exe [2010-08-13 21504]
"RemoteControl10"=C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2010-11-12 75048]
"UpdatePSTShortCut"=C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [2010-11-25 222504]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-04-26 3111744]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 116648]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe /autorun []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-18 257440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\SysWOW64\nvinit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.mjpg"=pvmjpg30.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-09-24 21:15:33 ----D---- C:\rsit
2012-09-24 21:15:33 ----D---- C:\Program Files (x86)\trend micro
2012-09-24 20:11:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-23 03:00:46 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 03:00:45 ----A---- C:\Windows\SysWOW64\vbscript.dll
2012-09-23 03:00:45 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SysWOW64\url.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 03:00:43 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-09-23 03:00:43 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 03:00:42 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-09-23 03:00:42 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-09-23 03:00:41 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 03:00:41 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-09-23 03:00:40 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-09-23 03:00:34 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-09-20 10:40:52 ----D---- C:\Program Files (x86)\Common Files\Wolfram Research
2012-09-20 10:40:52 ----D---- C:\Program Files (x86)\Common Files\ResearchSoft
2012-09-18 18:19:57 ----D---- C:\Program Files (x86)\PANDORA.TV
2012-09-18 18:19:45 ----D---- C:\Program Files (x86)\The KMPlayer
2012-09-18 18:19:25 ----D---- C:\ProgramData\Ask
2012-09-18 16:20:41 ----D---- C:\Users\Pavel\AppData\Roaming\Subversion
2012-09-18 16:20:28 ----D---- C:\Users\Pavel\AppData\Roaming\MathWorks
2012-09-18 11:43:54 ----D---- C:\ProgramData\Sun
2012-09-18 11:43:53 ----D---- C:\Program Files (x86)\Common Files\Java
2012-09-18 11:43:47 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-18 11:43:47 ----A---- C:\Windows\SysWOW64\javaws.exe
2012-09-18 11:43:47 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2012-09-18 11:43:42 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-18 11:43:42 ----A---- C:\Windows\SysWOW64\javaw.exe
2012-09-18 11:43:42 ----A---- C:\Windows\SysWOW64\java.exe
2012-09-18 11:43:30 ----D---- C:\Program Files (x86)\Java
2012-09-18 08:42:33 ----D---- C:\Program Files (x86)\Common Files\Adobe
2012-09-18 08:42:33 ----D---- C:\Program Files (x86)\Adobe
2012-09-18 08:41:15 ----D---- C:\ProgramData\Adobe
2012-09-17 17:32:23 ----D---- C:\Program Files (x86)\Counter-Strike 1.6 V35
2012-09-17 16:56:31 ----D---- C:\Users\Pavel\AppData\Roaming\GarenaPlus
2012-09-17 16:55:09 ----D---- C:\Program Files (x86)\Garena Plus
2012-09-17 16:55:05 ----D---- C:\ProgramData\GarenaMessenger
2012-09-13 22:45:41 ----D---- C:\Users\Pavel\AppData\Roaming\Mathematica
2012-09-13 22:45:04 ----D---- C:\ProgramData\Mathematica
2012-09-13 22:41:55 ----A---- C:\Windows\SysWOW64\mlmodule32.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SysWOW64\ml32i3.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SysWOW64\ml32i2.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SysWOW64\ml32i1.dll
2012-09-13 17:25:35 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2012-09-13 17:25:32 ----D---- C:\Program Files (x86)\Conduit
2012-09-13 17:25:30 ----D---- C:\Program Files (x86)\BitTorrentControl_v12
2012-09-13 17:25:21 ----D---- C:\Program Files (x86)\BitTorrent
2012-09-13 17:24:47 ----D---- C:\Users\Pavel\AppData\Roaming\BitTorrent
2012-09-12 18:59:46 ----D---- C:\Users\Pavel\AppData\Roaming\FLEXnet
2012-09-12 18:59:44 ----D---- C:\Users\Pavel\AppData\Roaming\Nuance
2012-09-12 18:59:41 ----D---- C:\Users\Pavel\AppData\Roaming\Zeon
2012-09-12 12:08:00 ----A---- C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 13:17:17 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-09-10 22:05:19 ----A---- C:\Windows\unvise32.exe
2012-09-10 22:02:16 ----D---- C:\Program Files (x86)\Common Files\Pinnacle
2012-09-10 22:01:24 ----D---- C:\ProgramData\Pinnacle Studio Ultimate
2012-09-10 21:57:50 ----D---- C:\Program Files (x86)\Common Files\Pegasus Imaging
2012-09-10 21:57:48 ----D---- C:\ProgramData\Studio 15
2012-09-10 21:57:48 ----D---- C:\ProgramData\Pinnacle Studio Plus
2012-09-10 21:57:48 ----D---- C:\Program Files (x86)\Pinnacle
2012-09-10 21:57:48 ----D---- C:\Program Files (x86)\Common Files\Yahoo!
2012-09-10 21:56:15 ----D---- C:\ProgramData\Pinnacle
2012-09-03 16:07:26 ----D---- C:\Users\Pavel\AppData\Roaming\TS3Client
2012-09-01 18:11:42 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-09-01 18:11:39 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2012-09-01 18:11:37 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2012-09-01 18:11:32 ----D---- C:\Program Files (x86)\Focus Home Interactive
2012-09-01 11:24:55 ----A---- C:\Windows\SysWOW64\xmllite.dll
2012-09-01 11:24:54 ----A---- C:\Windows\SysWOW64\srclient.dll
2012-09-01 11:24:52 ----A---- C:\Windows\SysWOW64\explorer.exe
2012-09-01 11:24:52 ----A---- C:\Windows\explorer.exe
2012-09-01 11:24:49 ----A---- C:\Windows\SysWOW64\ntshrui.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SysWOW64\tquery.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-09-01 11:24:47 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2012-09-01 11:24:47 ----A---- C:\Windows\SysWOW64\mssrch.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SysWOW64\mssph.dll
2012-09-01 11:24:46 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2012-09-01 11:24:46 ----A---- C:\Windows\SysWOW64\mssvp.dll
2012-09-01 11:24:45 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2012-09-01 11:24:45 ----A---- C:\Windows\SysWOW64\msscntrs.dll
2012-09-01 11:24:40 ----A---- C:\Windows\SysWOW64\win32spl.dll
2012-09-01 11:24:40 ----A---- C:\Windows\splwow64.exe
2012-09-01 11:24:38 ----A---- C:\Windows\SysWOW64\XpsPrint.dll
2012-09-01 11:24:31 ----A---- C:\Windows\SysWOW64\msi.dll
2012-09-01 11:24:27 ----A---- C:\Windows\SysWOW64\esent.dll
2012-09-01 11:24:26 ----A---- C:\Windows\SysWOW64\fsutil.exe
2012-09-01 11:18:15 ----A---- C:\Windows\SysWOW64\prevhost.exe
2012-09-01 11:06:04 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-09-01 11:05:08 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-01 11:04:42 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2012-09-01 11:04:33 ----D---- C:\Program Files (x86)\Microsoft Office
2012-09-01 11:04:30 ----D---- C:\ProgramData\Microsoft Help
2012-09-01 11:04:21 ----RHD---- C:\MSOCache
2012-08-31 19:30:28 ----D---- C:\Users\Pavel\AppData\Roaming\FastStone
2012-08-31 19:28:42 ----D---- C:\Program Files (x86)\FastStone Image Viewer
2012-08-27 23:58:14 ----D---- C:\ProgramData\TamoSoft
2012-08-27 23:57:48 ----D---- C:\Program Files (x86)\CommViewWiFi
2012-08-26 22:56:06 ----D---- C:\Users\Pavel\AppData\Roaming\QIP
2012-08-25 16:09:38 ----D---- C:\Users\Pavel\AppData\Roaming\Macromedia
2012-08-25 12:53:56 ----D---- C:\Windows\SysWOW64\cs
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\XPSViewer
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\drivers\cs-CZ
2012-08-25 12:53:48 ----D---- C:\Windows\cs-CZ
2012-08-24 15:12:03 ----D---- C:\Windows\SysWOW64\Wat
2012-08-24 12:19:09 ----A---- C:\Windows\SysWOW64\imagehlp.dll
2012-08-24 12:19:08 ----A---- C:\Windows\SysWOW64\wmi.dll
2012-08-24 12:19:08 ----A---- C:\Windows\SysWOW64\wintrust.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SysWOW64\odbccu32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SysWOW64\odbccr32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2012-08-24 11:37:37 ----A---- C:\Windows\SysWOW64\DWrite.dll
2012-08-24 11:37:29 ----A---- C:\Windows\SysWOW64\poqexec.exe
2012-08-24 11:37:28 ----A---- C:\Windows\SysWOW64\quartz.dll
2012-08-24 11:37:28 ----A---- C:\Windows\SysWOW64\qdvd.dll
2012-08-24 11:37:24 ----A---- C:\Windows\SysWOW64\webio.dll
2012-08-24 11:37:22 ----A---- C:\Windows\SysWOW64\msxml6.dll
2012-08-24 11:37:21 ----A---- C:\Windows\SysWOW64\msxml3r.dll
2012-08-24 11:37:21 ----A---- C:\Windows\SysWOW64\msxml3.dll
2012-08-24 11:37:12 ----A---- C:\Windows\SysWOW64\shell32.dll
2012-08-24 11:37:09 ----A---- C:\Windows\SysWOW64\schannel.dll
2012-08-24 11:37:09 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2012-08-24 11:37:08 ----A---- C:\Windows\SysWOW64\sspicli.dll
2012-08-24 11:37:08 ----A---- C:\Windows\SysWOW64\secur32.dll
2012-08-24 11:37:00 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 11:37:00 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-24 11:35:53 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2012-08-24 11:35:47 ----A---- C:\Windows\SysWOW64\crypt32.dll
2012-08-24 11:35:46 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2012-08-24 11:35:46 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2012-08-24 11:35:40 ----A---- C:\Windows\SysWOW64\netapi32.dll
2012-08-24 11:35:40 ----A---- C:\Windows\SysWOW64\browcli.dll
2012-08-24 11:35:35 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2012-08-24 11:35:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-24 11:35:34 ----A---- C:\Windows\SysWOW64\setup16.exe
2012-08-24 11:35:34 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2012-08-24 11:35:34 ----A---- C:\Windows\SysWOW64\kernel32.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-24 11:35:33 ----A---- C:\Windows\SysWOW64\wow32.dll
2012-08-24 11:35:33 ----A---- C:\Windows\SysWOW64\instnm.exe
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-24 11:35:31 ----A---- C:\Windows\SysWOW64\user.exe
2012-08-24 11:35:28 ----A---- C:\Windows\SysWOW64\drvinst.exe
2012-08-24 11:35:28 ----A---- C:\Windows\SysWOW64\devrtl.dll
2012-08-24 11:35:28 ----A---- C:\Windows\SysWOW64\devobj.dll
2012-08-24 11:35:28 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
2012-08-24 11:35:16 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2012-08-24 11:35:15 ----A---- C:\Windows\SysWOW64\msvcrt.dll
2012-08-24 11:35:11 ----A---- C:\Windows\SysWOW64\oleacc.dll
2012-08-24 11:35:10 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2012-08-24 11:35:09 ----A---- C:\Windows\SysWOW64\EncDec.dll
2012-08-24 11:35:03 ----A---- C:\Windows\SysWOW64\tzres.dll
2012-08-24 11:34:52 ----A---- C:\Windows\SysWOW64\cdosys.dll
2012-08-24 11:34:49 ----A---- C:\Windows\SysWOW64\ntdll.dll
2012-08-24 11:34:48 ----A---- C:\Windows\SysWOW64\packager.dll
2012-08-24 11:16:58 ----D---- C:\Windows\Minidump
2012-08-24 05:48:38 ----A---- C:\Windows\AsToolCDVer.txt
2012-08-24 05:48:38 ----A---- C:\Windows\AsRunBar.txt
2012-08-24 05:48:12 ----D---- C:\eSupport
2012-08-24 05:46:39 ----D---- C:\WIMAPPLY
2012-08-24 05:26:52 ----A---- C:\devlist.txt
2012-08-24 05:18:48 ----A---- C:\Windows\AsChkDev.txt
2012-08-24 05:14:52 ----A---- C:\Windows\SysWOW64\msxml3a.dll
2012-08-24 05:14:52 ----A---- C:\Windows\SysWOW64\msvcr71.dll
2012-08-24 05:14:52 ----A---- C:\Windows\SysWOW64\msvcp71.dll
2012-08-24 05:11:00 ----D---- C:\Program Files (x86)\CyberLink
2012-08-24 05:10:59 ----D---- C:\ProgramData\Temp
2012-08-24 05:10:59 ----D---- C:\ProgramData\CyberLink
2012-08-24 05:10:07 ----HD---- C:\ExpressGateUtil
2012-08-24 05:08:46 ----D---- C:\Windows\SysWOW64\ASUS_Screensaver dir
2012-08-24 05:08:46 ----A---- C:\Windows\SysWOW64\ASUS_Screensaver.scr
2012-08-24 05:08:44 ----A---- C:\Windows\AsScrPro.exe
2012-08-24 05:08:43 ----A---- C:\Windows\SysWOW64\ACEngSvr.exe
2012-08-24 05:08:36 ----D---- C:\ProgramData\P4G
2012-08-24 05:06:28 ----D---- C:\Program Files (x86)\Common Files\Atheros
2012-08-24 05:06:27 ----D---- C:\Program Files (x86)\Bluetooth Suite
2012-08-24 05:05:20 ----D---- C:\Program Files (x86)\Atheros
2012-08-24 05:05:14 ----D---- C:\ProgramData\Atheros
2012-08-24 05:03:07 ----D---- C:\ProgramData\SonicFocus
2012-08-24 05:03:05 ----D---- C:\Windows\SysWOW64\RTCOM
2012-08-24 05:02:57 ----A---- C:\Windows\SysWOW64\SFCOM.dll
2012-08-24 05:02:56 ----N---- C:\Windows\RtlExUpd.dll
2012-08-24 05:02:56 ----HD---- C:\Program Files (x86)\Temp
2012-08-24 05:02:56 ----D---- C:\Program Files (x86)\Realtek
2012-08-24 05:02:54 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2012-08-24 05:02:36 ----D---- C:\ProgramData\AmUStor
2012-08-24 05:02:36 ----D---- C:\Program Files (x86)\AmIcoSingLun
2012-08-24 05:01:40 ----A---- C:\Windows\AsPatch10430001.exe
2012-08-24 05:00:41 ----A---- C:\Windows\SysWOW64\log.txt
2012-08-24 05:00:40 ----D---- C:\Program Files (x86)\Common Files\postureAgent
2012-08-24 05:00:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-24 05:00:31 ----D---- C:\Windows\SysWOW64\NV
2012-08-24 04:59:43 ----D---- C:\ProgramData\NVIDIA
2012-08-24 04:59:04 ----D---- C:\ProgramData\NVIDIA Corporation
2012-08-24 04:59:02 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\OpenCL.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\nvwgf2um.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\nvumdshim.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\nvoptimusmft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\nvoglv32.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\nvinit.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\nvdecodemft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SysWOW64\nvd3dum.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SysWOW64\nvcuvid.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SysWOW64\nvcuda.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SysWOW64\nvcompiler.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SysWOW64\nvapi.dll
2012-08-24 04:58:11 ----D---- C:\NvidiaLogs
2012-08-24 04:57:15 ----D---- C:\ProgramData\Intel
2012-08-24 04:56:07 ----D---- C:\Program Files (x86)\Common Files\Intel
2012-08-24 04:54:20 ----D---- C:\Program Files (x86)\Intel
2012-08-24 04:54:20 ----A---- C:\Windows\SysWOW64\CSVer.dll
2012-08-24 04:54:16 ----D---- C:\Intel
2012-08-24 04:52:49 ----D---- C:\Windows\SoftwareDistribution
2012-08-24 04:49:03 ----ASH---- C:\hiberfil.sys
2012-08-24 04:49:02 ----SHD---- C:\System Volume Information
2012-08-24 04:49:02 ----ASH---- C:\pagefile.sys
2012-08-23 22:58:32 ----D---- C:\Users\Pavel\AppData\Roaming\WinRAR
2012-08-23 22:57:41 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2012-08-23 22:57:41 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2012-08-23 22:57:05 ----D---- C:\Program Files (x86)\Winamp Detect
2012-08-23 22:56:56 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-08-23 22:56:52 ----D---- C:\Users\Pavel\AppData\Roaming\Winamp
2012-08-23 22:56:52 ----D---- C:\Program Files (x86)\Winamp
2012-08-23 22:55:24 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2012-08-23 22:54:07 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2012-08-23 22:54:04 ----D---- C:\Program Files (x86)\Common Files\Skype
2012-08-23 22:54:01 ----RD---- C:\Program Files (x86)\Skype
2012-08-23 22:53:59 ----D---- C:\ProgramData\Skype
2012-08-23 21:46:34 ----D---- C:\Users\Pavel\AppData\Roaming\.purple
2012-08-23 21:46:06 ----D---- C:\Program Files (x86)\Pidgin
2012-08-23 21:44:40 ----D---- C:\Users\Pavel\AppData\Roaming\DAEMON Tools Pro
2012-08-23 21:44:38 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2012-08-23 21:43:59 ----D---- C:\ProgramData\DAEMON Tools Pro
2012-08-23 21:36:29 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-23 21:36:28 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-08-23 21:34:15 ----D---- C:\Users\Pavel\AppData\Roaming\Adobe
2012-08-23 20:49:11 ----A---- C:\Windows\SysWOW64\rdpcore.dll
2012-08-23 20:39:36 ----D---- C:\Users\Pavel\AppData\Roaming\ASUS WebStorage
2012-08-23 20:36:52 ----D---- C:\Users\Pavel\AppData\Roaming\Identities
2012-08-23 20:36:47 ----D---- C:\Users\Pavel\AppData\Roaming\Google
2012-08-23 20:36:37 ----D---- C:\ProgramData\FolderView
2012-08-23 20:36:36 ----HD---- C:\ASUS.DAT
2012-08-23 20:36:33 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2012-08-23 20:36:33 ----D---- C:\Users\Pavel\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 3 months======

2012-09-24 21:43:53 ----D---- C:\Windows\Temp
2012-09-24 21:43:25 ----D---- C:\Windows\Prefetch
2012-09-24 21:15:33 ----RD---- C:\Program Files (x86)
2012-09-23 03:18:33 ----D---- C:\Windows\winsxs
2012-09-23 03:16:41 ----D---- C:\Windows\SysWOW64\migration
2012-09-23 03:16:41 ----D---- C:\Windows\SysWOW64
2012-09-23 03:16:41 ----D---- C:\Windows\System32
2012-09-23 03:16:41 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-21 14:47:27 ----RSD---- C:\Windows\Fonts
2012-09-20 10:40:52 ----D---- C:\Program Files (x86)\Common Files
2012-09-18 18:19:25 ----HD---- C:\ProgramData
2012-09-18 18:19:25 ----D---- C:\Windows
2012-09-18 16:11:21 ----D---- C:\Windows\Tasks
2012-09-18 16:11:16 ----RSD---- C:\Windows\assembly
2012-09-18 15:43:36 ----RD---- C:\Program Files
2012-09-18 15:39:06 ----SHD---- C:\Windows\Installer
2012-09-17 17:25:01 ----D---- C:\Windows\inf
2012-09-12 18:59:44 ----D---- C:\ProgramData\Nuance
2012-09-03 16:27:53 ----D---- C:\Windows\Microsoft.NET
2012-09-01 22:35:51 ----D---- C:\Windows\SysWOW64\en-US
2012-09-01 22:35:51 ----D---- C:\Windows\SysWOW64\cs-CZ
2012-09-01 22:35:51 ----D---- C:\Windows\AppPatch
2012-09-01 18:19:22 ----A---- C:\Windows\win.ini
2012-09-01 18:16:56 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2012-09-01 11:07:06 ----D---- C:\Windows\ShellNew
2012-09-01 11:06:18 ----D---- C:\Program Files (x86)\MSBuild
2012-09-01 11:06:04 ----SD---- C:\ProgramData\Microsoft
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Media Player
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Mail
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Defender
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Common Files\System
2012-08-25 12:53:58 ----D---- C:\Windows\servicing
2012-08-25 12:53:56 ----D---- C:\Windows\SysWOW64\winrm
2012-08-25 12:53:56 ----D---- C:\Windows\SysWOW64\slmgr
2012-08-25 12:53:56 ----D---- C:\Windows\SysWOW64\migwiz
2012-08-25 12:53:56 ----D---- C:\Windows\ehome
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\WCN
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\wbem
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\MUI
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\DriverStore
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\drivers
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\Dism
2012-08-25 12:53:48 ----D---- C:\Windows\SysWOW64\com
2012-08-25 12:53:48 ----D---- C:\Windows\IME
2012-08-25 12:53:47 ----D---- C:\Windows\PolicyDefinitions
2012-08-25 11:26:02 ----D---- C:\Windows\rescache
2012-08-25 01:24:24 ----D---- C:\Windows\SysWOW64\sysprep
2012-08-25 01:24:24 ----D---- C:\Windows\SysWOW64\es-ES
2012-08-25 01:24:24 ----D---- C:\Windows\SysWOW64\drivers\UMDF
2012-08-25 01:24:06 ----D---- C:\Windows\es-ES
2012-08-25 01:23:53 ----D---- C:\Windows\SysWOW64\ru-RU
2012-08-25 01:23:28 ----D---- C:\Windows\pt-PT
2012-08-25 01:23:27 ----D---- C:\Windows\SysWOW64\pt-PT
2012-08-25 01:22:56 ----D---- C:\Windows\it-IT
2012-08-25 01:22:54 ----D---- C:\Windows\SysWOW64\oobe
2012-08-25 01:22:54 ----D---- C:\Windows\SysWOW64\it-IT
2012-08-25 01:22:46 ----D---- C:\Windows\SysWOW64\Setup
2012-08-25 01:22:15 ----D---- C:\Windows\SysWOW64\zh-TW
2012-08-25 01:22:07 ----D---- C:\Windows\zh-TW
2012-08-25 01:22:06 ----D---- C:\Windows\Globalization
2012-08-24 21:08:45 ----D---- C:\Windows\SysWOW64\he-IL
2012-08-24 21:06:37 ----D---- C:\Windows\SysWOW64\el-GR
2012-08-24 21:04:17 ----D---- C:\Windows\SysWOW64\de-DE
2012-08-24 21:04:17 ----D---- C:\Windows\de-DE
2012-08-24 21:01:54 ----D---- C:\Windows\fr-FR
2012-08-24 21:01:53 ----D---- C:\Windows\SysWOW64\fr-FR
2012-08-24 21:00:00 ----D---- C:\Windows\SysWOW64\nl-NL
2012-08-24 21:00:00 ----D---- C:\Windows\nl-NL
2012-08-24 20:57:54 ----D---- C:\Windows\SysWOW64\ar-SA
2012-08-24 20:54:54 ----D---- C:\Windows\Logs
2012-08-24 15:13:23 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-08-24 12:12:57 ----D---- C:\Windows\debug
2012-08-24 05:48:18 ----D---- C:\Windows\ASUS
2012-08-24 05:26:48 ----D---- C:\Windows\Log
2012-08-24 04:59:34 ----D---- C:\Windows\Help
2012-08-23 20:50:39 ----D---- C:\ProgramData\Partner
2012-08-23 20:50:39 ----D---- C:\Program Files (x86)\Google
2012-08-23 20:49:22 ----D---- C:\Program Files (x86)\ASUS
2012-08-23 20:41:29 ----D---- C:\Program Files (x86)\Microsoft
2012-08-23 20:39:37 ----D---- C:\ProgramData\ChangeFolderView
2012-08-23 20:38:30 ----D---- C:\ProgramData\Trend Micro
2012-08-23 20:36:50 ----SHD---- C:\$Recycle.Bin
2012-08-23 20:36:33 ----RD---- C:\Users
2012-08-23 20:35:28 ----SHD---- C:\Recovery
2012-08-23 14:26:59 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys []
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys []
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys []
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys []
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys []
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys []
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys []
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys []
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys []
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys []
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys []
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe []
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe []
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
R2 TiMiniService;TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 VideAceWindowsService;VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [2010-08-21 77312]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/08/23 20:15:54; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-13 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-09-17 267480]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Re: Malicious programs

Posted: 28 Sep 2012 23:23
by xPajas
and the info:


info.txt logfile of random's system information tool 1.09 2012-09-24 21:51:25

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}\Setup.exe
ASUS AI Recovery-->MsiExec.exe /I{38253529-D97D-4901-AE53-5CC9736D3A2E}
ASUS FancyStart-->MsiExec.exe /I{2B81872B-A054-48DA-BE3B-FA5C164C303A}
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Video Magic-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
ASUS Video Magic-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ASUS WebStorage-->C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe
ASUS_Screensaver-->C:\Windows\system32\ASUS_Screensaver.scr /u
AsusVibe2.0-->C:\Program Files (x86)\Asus\AsusVibe\unins000.exe
Atheros Client Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
BitTorrent-->"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /UNINSTALL
BitTorrentControl_v12 Toolbar-->C:\Program Files (x86)\BitTorrentControl_v12\uninstall.exe toolbar
Bookworm Deluxe-->C:\Program Files (x86)\Asus\Game Park\Bookworm Deluxe\Uninstall.exe
Cities XL 2012-->C:\Program Files (x86)\Focus Home Interactive\Cities XL 2012\uninst.exe
CommView for WiFi-->C:\PROGRA~2\COMMVI~1\CV.exe /u
Control ActiveX de Windows Live Mesh para conexiones remotas-->MsiExec.exe /I{04668DF2-D32F-4555-9C7E-35523DCD6544}
Contrôle ActiveX Windows Live Mesh pour connexions à distance-->MsiExec.exe /I{55D003F4-9599-44BF-BA9E-95D060730DD3}
Controlo ActiveX do Windows Live Mesh para Ligações Remotas-->MsiExec.exe /I{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}
Cooking Dash-->C:\Program Files (x86)\Asus\Game Park\Cooking Dash\Uninstall.exe
Counter-Strike 1.6 V35-->C:\Program Files (x86)\Counter-Strike 1.6 V35\Uninstal.exe
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink MediaEspresso-->"C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe" /z-uninstall
CyberLink MediaEspresso-->"C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Pro-->C:\Program Files (x86)\DAEMON Tools Pro\uninst.exe
ExpressGate Cloud-->"C:\Program Files (x86)\InstallShield Installation Information\{499DED08-6FA8-4749-8E94-8526CC9D1CA8}\setup.exe" -runfromtemp -l0x0409 -removeonly
ExpressGate Cloud-->MsiExec.exe /X{499DED08-6FA8-4749-8E94-8526CC9D1CA8}
FastStone Image Viewer 4.6-->C:\Program Files (x86)\FastStone Image Viewer\uninst.exe
Galeria de Fotografias do Windows Live-->MsiExec.exe /X{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}
Galería fotográfica de Windows Live-->MsiExec.exe /X{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}
Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}
Game Park Console-->"C:\Program Files (x86)\Asus\Game Park\GameConsole\unins000.exe"
Garena Plus-->C:\Program Files (x86)\Garena Plus\uninst.exe
Governor of Poker-->C:\Program Files (x86)\Asus\Game Park\Governor of Poker\Uninstall.exe
Hotel Dash Suite Success-->C:\Program Files (x86)\Asus\Game Park\Hotel Dash Suite Success\Uninstall.exe
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Java 7 Update 7-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217007FF}
Jewel Quest 3-->C:\Program Files (x86)\Asus\Game Park\Jewel Quest 3\Uninstall.exe
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Knoll Light Factory EZ Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\klfezstudio.log
Luxor 3-->C:\Program Files (x86)\Asus\Game Park\Luxor 3\Uninstall.exe
Mahjongg dimensions-->C:\Program Files (x86)\Asus\Game Park\Mahjongg dimensions\Uninstall.exe
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 15.0.1 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nuance PDF Reader-->MsiExec.exe /X{B480904D-F73F-4673-B034-8A5F492C9184}
Pandora Service-->"C:\Program Files (x86)\PANDORA.TV\PanService\unins000.exe"
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
Pinnacle Studio 15 Ultimate Plugins-->MsiExec.exe /I{EB5DF19E-75D5-4FF1-AE23-2A9A2E0F2BDD}
Pinnacle Studio 15-->MsiExec.exe /I{1362E602-9625-42D3-B57F-CDA9D26F9DA8}
Plants vs Zombies-->C:\Program Files (x86)\Asus\Game Park\Plants vs Zombies\Uninstall.exe
Raccolta foto di Windows Live-->MsiExec.exe /X{ED16B700-D91F-44B0-867C-7EB5253CA38D}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Red Giant ToonIt Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\rgtoonitstudio.log
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Skype™ 5.10-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
SonicMaster-->MsiExec.exe /I{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}
syncables desktop SE-->MsiExec.exe /X{341697D8-9923-445E-B42A-529E5A99CB7A}
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
The KMPlayer (remove only)-->"C:\Program Files (x86)\The KMPlayer\uninstall.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{17F99FCE-8F03-4439-860A-25C5A5434E18}
Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073}
Windows Live Essentials-->MsiExec.exe /I{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}
Windows Live Essentials-->MsiExec.exe /I{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}
Windows Live Essentials-->MsiExec.exe /I{ABD534B7-E951-470E-92C2-CD5AF1735726}
Windows Live Essentials-->MsiExec.exe /I{B618C3BF-5142-4630-81DD-F96864F97C7E}
Windows Live Essentials-->MsiExec.exe /I{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}
Windows Live Essentials-->MsiExec.exe /I{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Fotogalerie-->MsiExec.exe /X{B113D18C-67B0-4FB7-B329-E89B66194AE6}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{0D261C88-454B-46FE-B43B-640E621BDA11}
Windows Live Mail-->MsiExec.exe /I{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}
Windows Live Mail-->MsiExec.exe /I{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
Windows Live Mail-->MsiExec.exe /I{A0B91308-6666-4249-8FF6-1E11AFD75FE1}
Windows Live Mail-->MsiExec.exe /I{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}
Windows Live Mail-->MsiExec.exe /I{B1239994-A850-44E2-BED8-E70A21124E16}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mail-->MsiExec.exe /I{D588365A-AE39-4F27-BDAE-B4E72C8E900C}
Windows Live Mail-->MsiExec.exe /I{DBAA2B17-D596-4195-A169-BA2166B0D69B}
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen-->MsiExec.exe /I{C32CE55C-12BA-4951-8797-0967FDEF556F}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh ActiveX control for remote connections-->MsiExec.exe /I{C5398A89-516C-4DAF-BA07-EE7949090E56}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}
Windows Live Mesh-->MsiExec.exe /I{039480EE-6933-4845-88B8-77FD0C3D059D}
Windows Live Mesh-->MsiExec.exe /I{2C865FB0-051E-4D22-AC62-428E035AEAF0}
Windows Live Mesh-->MsiExec.exe /I{3F4143A1-9C21-4011-8679-3BC1014C6886}
Windows Live Mesh-->MsiExec.exe /I{46872828-6453-4138-BE1C-CE35FBF67978}
Windows Live Mesh-->MsiExec.exe /I{7496FD31-E5CB-4AE4-82D3-31099558BF6A}
Windows Live Mesh-->MsiExec.exe /I{78DAE910-CA72-450E-AD22-772CB1A00678}
Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}
Windows Live Mesh-->MsiExec.exe /I{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Mesh-->MsiExec.exe /I{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}
Windows Live Mesh-->MsiExec.exe /I{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}
Windows Live Messenger-->MsiExec.exe /X{0A9256E0-C924-46DE-921B-F6C4548A1C64}
Windows Live Messenger-->MsiExec.exe /X{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}
Windows Live Messenger-->MsiExec.exe /X{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}
Windows Live Messenger-->MsiExec.exe /X{4A275FD1-2F24-4274-8C01-813F5AD1A92D}
Windows Live Messenger-->MsiExec.exe /X{5F6E678A-7E61-448A-86CB-BC2AD1E04138}
Windows Live Messenger-->MsiExec.exe /X{6057E21C-ABE9-4059-AE3E-3BEB9925E660}
Windows Live Messenger-->MsiExec.exe /X{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}
Windows Live Messenger-->MsiExec.exe /X{6986737B-F286-40D1-87AF-938339DCF6AB}
Windows Live Messenger-->MsiExec.exe /X{6A563426-3474-41C6-B847-42B39F1485B2}
Windows Live Messenger-->MsiExec.exe /X{709E38A9-7F80-4598-96CC-44B0D553FECE}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}
Windows Live Movie Maker-->MsiExec.exe /X{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}
Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
Windows Live Movie Maker-->MsiExec.exe /X{7465A996-0FCA-4D2D-A52C-F833B0829B5B}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}
Windows Live Movie Maker-->MsiExec.exe /X{BF022D76-9F72-4203-B8FA-6522DC66DFDA}
Windows Live Movie Maker-->MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}
Windows Live Movie Maker-->MsiExec.exe /X{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}
Windows Live Movie Maker-->MsiExec.exe /X{E4E88B54-4777-4659-967A-2EED1E6AFD83}
Windows Live Movie Maker-->MsiExec.exe /X{FF105207-8423-4E13-B0B1-50753170B245}
Windows Live Movie Maker-->MsiExec.exe /X{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}
Windows Live Photo Common-->MsiExec.exe /X{168E7302-890A-4138-9109-A225ACAF7AD1}
Windows Live Photo Common-->MsiExec.exe /X{29373E24-AC72-424E-8F2A-FB0F9436F21F}
Windows Live Photo Common-->MsiExec.exe /X{370F888E-42A7-4911-9E34-7D74632E17EB}
Windows Live Photo Common-->MsiExec.exe /X{4D83F339-5A5C-4B21-8FD3-5D407B981E72}
Windows Live Photo Common-->MsiExec.exe /X{73FC3510-6421-40F7-9503-EDAE4D0CF70D}
Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B}
Windows Live Photo Common-->MsiExec.exe /X{A41A708E-3BE6-4561-855D-44027C1CF0F8}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}
Windows Live Photo Common-->MsiExec.exe /X{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}
Windows Live Photo Common-->MsiExec.exe /X{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}
Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live Photo Gallery-->MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{128133D3-037A-4C62-B1B7-55666A10587A}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{37B33B16-2535-49E7-8990-32668708A0A3}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{40BFD84C-64CD-42CC-9909-8734C50429C6}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{506FC723-8E6C-4417-9CFF-351F99130425}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{77477AEA-5757-47D8-8B33-939F43D82218}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{D299197D-CDEA-41A6-A363-F532DE4114FD}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218}
Windows Live Writer Resources-->MsiExec.exe /X{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}
Windows Live Writer Resources-->MsiExec.exe /X{2511AAD7-82DF-4B97-B0B3-E1B933317010}
Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}
Windows Live Writer Resources-->MsiExec.exe /X{6807427D-8D68-4D30-AF5B-0B38F8F948C8}
Windows Live Writer Resources-->MsiExec.exe /X{7FF11E53-C002-4F40-8D68-6BE751E5DD62}
Windows Live Writer Resources-->MsiExec.exe /X{93E464B3-D075-4989-87FD-A828B5C308B1}
Windows Live Writer Resources-->MsiExec.exe /X{C29FC15D-E84B-4EEC-8505-4DED94414C59}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer Resources-->MsiExec.exe /X{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}
Windows Live Writer Resources-->MsiExec.exe /X{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}
Windows Live Writer Resources-->MsiExec.exe /X{F52C5BE7-3F57-464E-8A54-908402E43CE8}
Windows Live Writer-->MsiExec.exe /X{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}
Windows Live Writer-->MsiExec.exe /X{1A82AE99-84D3-486D-BAD6-675982603E14}
Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}
Windows Live Writer-->MsiExec.exe /X{48C0DC5E-820A-44F2-890E-29B68EDD3C78}
Windows Live Writer-->MsiExec.exe /X{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}
Windows Live Writer-->MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE}
Windows Live Writer-->MsiExec.exe /X{804DE397-F82C-4867-9085-E0AA539A3294}
Windows Live Writer-->MsiExec.exe /X{859D4022-B76D-40DE-96EF-C90CDA263F44}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Live Writer-->MsiExec.exe /X{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}
Windows Live Writer-->MsiExec.exe /X{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}
Windows Live Writer-->MsiExec.exe /X{E62E0550-C098-43A2-B54B-03FB1E634483}
Windows Live 影像中心-->MsiExec.exe /X{EEF99142-3357-402C-B298-DEC303E12D92}
Windows Live 程式集-->MsiExec.exe /I{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}
Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
World of Goo-->C:\Program Files (x86)\Asus\Game Park\World of Goo\Uninstall.exe
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις-->MsiExec.exe /I{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}
Συλλογή φωτογραφιών του Windows Live-->MsiExec.exe /X{C00C2A91-6CB3-483F-80B3-2958E29468F1}
Основные компоненты Windows Live-->MsiExec.exe /I{E83DC314-C926-4214-AD58-147691D6FE9F}
Почта Windows Live-->MsiExec.exe /I{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}
Фотоальбом Windows Live-->MsiExec.exe /X{77F69CA1-E53D-4D77-8BA3-FA07606CC851}
Элемент управления Windows Live Mesh ActiveX для удаленных подключений-->MsiExec.exe /I{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}
גלריית התמונות של Windows Live-->MsiExec.exe /X{CE929F09-3853-4180-BD90-30764BFF7136}
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים-->MsiExec.exe /I{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}
بريد Windows Live-->MsiExec.exe /I{0A4C4B29-5A9D-4910-A13C-B920D5758744}
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة-->MsiExec.exe /I{E18B30AA-6E2D-480C-B918-AF61009F4010}
معرض صور Windows Live-->MsiExec.exe /X{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}
適用遠端連線的 Windows Live Mesh ActiveX 控制項-->MsiExec.exe /I{622DE1BE-9EDE-49D3-B349-29D64760342A}

======System event log======

Computer Name: WIN-VRDC5SK5CKV
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z auto start na disabled.
Record Number: 3549
Source Name: Service Control Manager
Time Written: 20120823122656.396651-000
Event Type: Informace
User: ELMO2\Administrator

Computer Name: WIN-VRDC5SK5CKV
Event Code: 1
Message: Došlo ke změně systémového času na hodnotu ‎2012‎-‎08‎-‎23T12:26:53.146000000Z z hodnoty ‎2012‎-‎08‎-‎24T03:26:53.146322200Z.
Record Number: 3548
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20120823122653.146000-000
Event Type: Informace
User: ELMO2\Administrator

Computer Name: WIN-VRDC5SK5CKV
Event Code: 104
Message: Byl vymazán soubor protokolu Setup.
Record Number: 3547
Source Name: Microsoft-Windows-Eventlog
Time Written: 20120823122653.286400-000
Event Type: Informace
User: ELMO2\Administrator

Computer Name: WIN-VRDC5SK5CKV
Event Code: 104
Message: Byl vymazán soubor protokolu Application.
Record Number: 3546
Source Name: Microsoft-Windows-Eventlog
Time Written: 20120823122653.270800-000
Event Type: Informace
User: ELMO2\Administrator

Computer Name: WIN-VRDC5SK5CKV
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 3545
Source Name: Microsoft-Windows-Eventlog
Time Written: 20120823122653.270800-000
Event Type: Informace
User: ELMO2\Administrator

=====Application event log=====

Computer Name: ELMO2
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1947
Source Name: Microsoft-Windows-EventSystem
Time Written: 20120823123012.000000-000
Event Type: Informace
User:

Computer Name: ELMO2
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.


Record Number: 1946
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20120823122659.816501-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-VRDC5SK5CKV
Event Code: 1003
Message: Služba Windows Search byla spuštěna.

Record Number: 1945
Source Name: Microsoft-Windows-Search
Time Written: 20120823122658.000000-000
Event Type: Informace
User:

Computer Name: WIN-VRDC5SK5CKV
Event Code: 1013
Message: Služba Windows Search byla řádně zastavena.

Record Number: 1944
Source Name: Microsoft-Windows-Search
Time Written: 20120823122656.000000-000
Event Type: Informace
User:

Computer Name: WIN-VRDC5SK5CKV
Event Code: 103
Message: Windows (4416) Windows: Databázový stroj zastavil instanci (0).
Record Number: 1943
Source Name: ESENT
Time Written: 20120823122656.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: WIN-VRDC5SK5CKV
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: WIN-VRDC5SK5CKV$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2c8
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4243
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120823122658.635287-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-VRDC5SK5CKV
Event Code: 1100
Message: Služba protokolování událostí byla ukončena.
Record Number: 4242
Source Name: Microsoft-Windows-Eventlog
Time Written: 20120823122659.676101-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-VRDC5SK5CKV
Event Code: 4738
Message: Byl změněn uživatelský účet.

Předmět:
ID zabezpečení: S-1-5-21-2563066766-1230321987-857231328-500
Název účtu: Administrator
Doména účtu: WIN-VRDC5SK5CKV
ID přihlášení: 0x413c0

Cílový účet:
ID zabezpečení: S-1-5-21-2563066766-1230321987-857231328-500
Název účtu: Administrator
Doména účtu: WIN-VRDC5SK5CKV

Změněné atributy:
Název účtu SAM: -
Zobrazovaný název: -
Zaregistrovaný název uživatele: -
Domovský adresář: -
Domovská jednotka: -
Cesta skriptu: -
Cesta profilu: -
Pracovní stanice uživatele: -
Poslední nastavení hesla: -
Vypršení platnosti účtu: -
ID primární skupiny: -
Povolené delegování: -
Původní hodnota UAC: 0x211
Nová hodnota UAC: 0x211
Řízení účtu uživatele: -
Parametry uživatele: -
Historie identifikátoru zabezpečení: -
Přihlašovací hodiny: -

Další informace:
Oprávnění: -
Record Number: 4241
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120823122656.084650-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-VRDC5SK5CKV
Event Code: 4616
Message: Systémový čas byl změněn.

Předmět:
ID zabezpečení: S-1-5-21-2563066766-1230321987-857231328-500
Název účtu: Administrator
Doména účtu: WIN-VRDC5SK5CKV
ID přihlášení: 0x413c0

Informace o procesu:
ID procesu: 0xd40
Název: C:\Preload64\Patch\SETTIMEZ.EXE

Předchozí čas: ‎2012‎-‎08‎-‎24T03:26:53.146322200Z
Nový čas: ‎2012‎-‎08‎-‎23T12:26:53.146000000Z

Tato událost je generována, pokud je změněn systémový čas. Je normální, že systémový čas, který používá systémové oprávnění, se mění pravidelně. Jiné změny systémového času mohou označovat pokusy o manipulaci s počítačem.
Record Number: 4240
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120823122653.146000-000
Event Type: Úspěšný audit
User:

Computer Name: WIN-VRDC5SK5CKV
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-2563066766-1230321987-857231328-500
Název účtu: Administrator
Název domény: WIN-VRDC5SK5CKV
ID přihlášení: 0x413c0
Record Number: 4239
Source Name: Microsoft-Windows-Eventlog
Time Written: 20120823122653.270800-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Trend Micro\AMSP;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files\MATLAB\R2012b\runtime\win64;C:\Program Files\MATLAB\R2012b\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------

Re: Malicious programs

Posted: 29 Sep 2012 10:19
by Rudy
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left pane:
:files
C:\Program Files (x86)\BitTorrentControl_v12
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2563066766-1230321987-857231328-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2563066766-1230321987-857231328-1001UA.job
C:\ProgramData\Ask
C:\Program Files (x86)\Conduit
C:\Windows\unvise32.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

Re: Malicious programs

Posted: 29 Sep 2012 14:10
by xPajas
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2012-09-29 15:07:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 97 GB (51%) free of 191 GB
Total RAM: 8097 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:50, on 29.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\ASUS\APRP\aprp.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2563066766-1230321987-857231328-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2563066766-1230321987-857231328-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: CyberLink Product - 2012/08/23 20:15:54 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15507 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
taskeng.exe {1AA7B61F-E81F-4855-9CB8-AC0777B5A08A}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files\Trend Micro\Titanium\TiMiniService.exe"
"C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe"
\??\C:\Windows\system32\conhost.exe "-1787130089-50398346141750999614176825245375997618783029851472679810949222537
C:\ExpressGateUtil\VAWinService.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2728
"taskhost.exe"
taskeng.exe {D1423ADF-AAC4-46E2-A53E-D6C38D6D4985}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\P4G\BatteryLife.exe"
taskeng.exe {F38AD706-86E0-43D5-A4DE-28CF4CF1A41D}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
C:\Windows\system32\wbem\wmiprvse.exe
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 580491EE-FD01-7426-7D18-5283A7423CCC -Reinvoke
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\ASUS\APRP\aprp.exe"
"C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
"C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\ExpressGateUtil\VAWinAgent.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5744.1.664117429\327204804" --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2405 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/NewScoring/OmniboxSearchSuggest/8/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="5744.2.1906077587\1775839268" /prefetch:3
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/NewScoring/OmniboxSearchSuggest/8/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="5744.3.1099182722\200237001" /prefetch:3
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/NewScoring/OmniboxSearchSuggest/8/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="5744.4.125286327\836645509" /prefetch:3
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/NewScoring/OmniboxSearchSuggest/8/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd16/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="5744.5.1311062763\312164097" /prefetch:3
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5744.6.293284910\1935120156" --lang=cs --ignored=" --type=renderer " /prefetch:13
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /ArmUpdateExe:"C:\ProgramData\Adobe\ARM\Reader_10.1.0\15961" /MODE:1 /PRODUCT:Reader /VERSION:10 /LANG:CZE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 540 544 552 65536 548
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\Pavel\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\0habdb41.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ZEON/PDF,version=2.0]
"Description"=
"Path"=C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\0habdb41.default\extensions\
{7473b6bd-4691-4744-a82b-7854eb3d70b6}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17 235344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17 264528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17 185680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
uTorrentControl_v2 Toolbar - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-18 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17 234832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-18 157672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"=C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [2010-10-08 1123664]
"Trend Micro Client Framework"=C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [2010-10-12 192520]
"Trend Micro Titanium"=C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [2010-09-17 322384]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-01 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-01 391960]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-01 419096]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 649608]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-08-11 324096]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-03-13 617120]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-03-13 379552]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-04-26 3111744]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 116648]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe /autorun []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2012-08-24 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-18 11785832]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-13 2018032]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]
"FLxHCIm"=C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-02-25 40448]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [2010-07-10 984400]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]
"SessionLogon"=C:\ExpressGateUtil\SessionLogon.exe []
"VAWinAgent"=C:\ExpressGateUtil\VAWinAgent.exe [2010-08-13 21504]
"RemoteControl10"=C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2010-11-12 75048]
"UpdatePSTShortCut"=C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [2010-11-25 222504]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-05-24 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

Re: Malicious programs

Posted: 29 Sep 2012 14:11
by xPajas
======List of files/folders created in the last 3 months======

2012-09-29 15:06:54 ----SHD---- C:\Config.Msi
2012-09-29 15:02:30 ----D---- C:\_OTM
2012-09-26 00:30:54 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-09-25 14:16:48 ----D---- C:\Program Files (x86)\Otočná mapka
2012-09-25 00:10:57 ----D---- C:\Program Files (x86)\uTorrentControl_v2
2012-09-25 00:10:48 ----D---- C:\Program Files (x86)\uTorrent
2012-09-25 00:10:11 ----D---- C:\Users\Pavel\AppData\Roaming\uTorrent
2012-09-24 21:15:33 ----D---- C:\rsit
2012-09-24 21:15:33 ----D---- C:\Program Files (x86)\trend micro
2012-09-24 20:11:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-23 03:00:46 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-23 03:00:46 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-23 03:00:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-09-23 03:00:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-23 03:00:45 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-23 03:00:45 ----A---- C:\Windows\system32\ieui.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-09-23 03:00:44 ----A---- C:\Windows\system32\urlmon.dll
2012-09-23 03:00:44 ----A---- C:\Windows\system32\url.dll
2012-09-23 03:00:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-23 03:00:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-23 03:00:43 ----A---- C:\Windows\system32\wininet.dll
2012-09-23 03:00:43 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-23 03:00:43 ----A---- C:\Windows\system32\jscript9.dll
2012-09-23 03:00:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-09-23 03:00:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-09-23 03:00:42 ----A---- C:\Windows\system32\vbscript.dll
2012-09-23 03:00:42 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-23 03:00:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-23 03:00:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-23 03:00:41 ----A---- C:\Windows\system32\jscript.dll
2012-09-23 03:00:41 ----A---- C:\Windows\system32\iertutil.dll
2012-09-23 03:00:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-23 03:00:39 ----A---- C:\Windows\system32\mshtml.dll
2012-09-23 03:00:35 ----A---- C:\Windows\system32\ieframe.dll
2012-09-23 03:00:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-20 10:40:53 ----D---- C:\Program Files\Common Files\Wolfram Research
2012-09-18 18:19:57 ----D---- C:\Program Files (x86)\PANDORA.TV
2012-09-18 18:19:45 ----D---- C:\Program Files (x86)\The KMPlayer
2012-09-18 16:20:41 ----D---- C:\Users\Pavel\AppData\Roaming\Subversion
2012-09-18 16:20:28 ----D---- C:\Users\Pavel\AppData\Roaming\MathWorks
2012-09-18 15:43:36 ----D---- C:\Program Files\MATLAB
2012-09-18 11:43:54 ----D---- C:\ProgramData\Sun
2012-09-18 11:43:47 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-09-18 11:43:47 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-09-18 11:43:47 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-09-18 11:43:42 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-09-18 11:43:42 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-09-18 11:43:42 ----A---- C:\Windows\SYSWOW64\java.exe
2012-09-18 11:43:30 ----D---- C:\Program Files (x86)\Java
2012-09-18 08:42:33 ----D---- C:\Program Files (x86)\Adobe
2012-09-18 08:41:15 ----D---- C:\ProgramData\Adobe
2012-09-17 17:32:23 ----D---- C:\Program Files (x86)\Counter-Strike 1.6 V35
2012-09-17 16:56:31 ----D---- C:\Users\Pavel\AppData\Roaming\GarenaPlus
2012-09-17 16:55:09 ----D---- C:\Program Files (x86)\Garena Plus
2012-09-17 16:55:05 ----D---- C:\ProgramData\GarenaMessenger
2012-09-13 22:45:41 ----D---- C:\Users\Pavel\AppData\Roaming\Mathematica
2012-09-13 22:45:04 ----D---- C:\ProgramData\Mathematica
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\mlmodule32.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\ml32i3.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\ml32i2.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\ml32i1.dll
2012-09-13 22:41:55 ----A---- C:\Windows\system32\mlmodule64.dll
2012-09-13 22:41:55 ----A---- C:\Windows\system32\ml64i3.dll
2012-09-13 22:41:55 ----A---- C:\Windows\system32\ml64i2.dll
2012-09-13 22:40:38 ----D---- C:\Program Files\Wolfram Research
2012-09-13 17:25:35 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2012-09-13 17:25:21 ----D---- C:\Program Files (x86)\BitTorrent
2012-09-12 18:59:46 ----D---- C:\Users\Pavel\AppData\Roaming\FLEXnet
2012-09-12 18:59:44 ----D---- C:\Users\Pavel\AppData\Roaming\Nuance
2012-09-12 18:59:41 ----D---- C:\Users\Pavel\AppData\Roaming\Zeon
2012-09-12 12:08:01 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-12 12:08:00 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-09-12 12:08:00 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 12:08:00 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-12 12:07:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 12:07:59 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-12 12:07:59 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 13:17:17 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-09-10 22:01:24 ----D---- C:\ProgramData\Pinnacle Studio Ultimate
2012-09-10 21:57:48 ----D---- C:\ProgramData\Studio 15
2012-09-10 21:57:48 ----D---- C:\ProgramData\Pinnacle Studio Plus
2012-09-10 21:57:48 ----D---- C:\Program Files (x86)\Pinnacle
2012-09-10 21:56:15 ----D---- C:\ProgramData\Pinnacle
2012-09-03 16:07:26 ----D---- C:\Users\Pavel\AppData\Roaming\TS3Client
2012-09-01 18:20:09 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-09-01 18:11:39 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2012-09-01 18:11:37 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-09-01 18:11:32 ----D---- C:\Program Files (x86)\Focus Home Interactive
2012-09-01 11:24:55 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2012-09-01 11:24:55 ----A---- C:\Windows\system32\xmllite.dll
2012-09-01 11:24:54 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-09-01 11:24:54 ----A---- C:\Windows\system32\srcore.dll
2012-09-01 11:24:52 ----A---- C:\Windows\SYSWOW64\explorer.exe
2012-09-01 11:24:52 ----A---- C:\Windows\explorer.exe
2012-09-01 11:24:49 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-09-01 11:24:49 ----A---- C:\Windows\system32\ntshrui.dll
2012-09-01 11:24:48 ----A---- C:\Windows\system32\tquery.dll
2012-09-01 11:24:48 ----A---- C:\Windows\system32\SearchIndexer.exe
2012-09-01 11:24:48 ----A---- C:\Windows\system32\mssrch.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\tquery.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\mssph.dll
2012-09-01 11:24:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2012-09-01 11:24:46 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2012-09-01 11:24:46 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2012-09-01 11:24:46 ----A---- C:\Windows\system32\SearchFilterHost.exe
2012-09-01 11:24:46 ----A---- C:\Windows\system32\mssvp.dll
2012-09-01 11:24:46 ----A---- C:\Windows\system32\mssphtb.dll
2012-09-01 11:24:46 ----A---- C:\Windows\system32\mssph.dll
2012-09-01 11:24:45 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2012-09-01 11:24:45 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2012-09-01 11:24:45 ----A---- C:\Windows\system32\msscntrs.dll
2012-09-01 11:24:42 ----A---- C:\Windows\system32\win32spl.dll
2012-09-01 11:24:41 ----A---- C:\Windows\system32\spoolsv.exe
2012-09-01 11:24:40 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-09-01 11:24:40 ----A---- C:\Windows\splwow64.exe
2012-09-01 11:24:39 ----A---- C:\Windows\system32\XpsPrint.dll
2012-09-01 11:24:38 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2012-09-01 11:24:33 ----A---- C:\Windows\system32\profsvc.dll
2012-09-01 11:24:33 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2012-09-01 11:24:32 ----A---- C:\Windows\system32\msi.dll
2012-09-01 11:24:31 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbport.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbohci.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbhub.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbehci.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbd.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2012-09-01 11:24:27 ----A---- C:\Windows\SYSWOW64\esent.dll
2012-09-01 11:24:27 ----A---- C:\Windows\system32\fsutil.exe
2012-09-01 11:24:27 ----A---- C:\Windows\system32\esent.dll
2012-09-01 11:24:27 ----A---- C:\Windows\system32\drivers\storport.sys
2012-09-01 11:24:27 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-09-01 11:24:26 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\nvstor.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\nvraid.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\amdxata.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\amdsata.sys
2012-09-01 11:18:15 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2012-09-01 11:18:15 ----A---- C:\Windows\system32\prevhost.exe
2012-09-01 11:07:05 ----D---- C:\Program Files\Common Files\DESIGNER
2012-09-01 11:06:27 ----D---- C:\Program Files\Microsoft Synchronization Services
2012-09-01 11:06:04 ----D---- C:\Program Files\Microsoft Sync Framework
2012-09-01 11:06:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-01 11:06:04 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-09-01 11:05:08 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-01 11:04:42 ----D---- C:\Program Files\Microsoft Analysis Services
2012-09-01 11:04:42 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2012-09-01 11:04:33 ----D---- C:\Program Files (x86)\Microsoft Office
2012-09-01 11:04:31 ----D---- C:\Program Files\Microsoft Office
2012-09-01 11:04:30 ----D---- C:\ProgramData\Microsoft Help
2012-09-01 11:04:21 ----RHD---- C:\MSOCache
2012-08-31 19:30:28 ----D---- C:\Users\Pavel\AppData\Roaming\FastStone
2012-08-31 19:28:42 ----D---- C:\Program Files (x86)\FastStone Image Viewer
2012-08-27 23:58:14 ----D---- C:\ProgramData\TamoSoft
2012-08-27 23:57:48 ----D---- C:\Program Files (x86)\CommViewWiFi
2012-08-27 23:57:48 ----A---- C:\Windows\system32\drivers\ts_athwx.sys
2012-08-26 22:56:06 ----D---- C:\Users\Pavel\AppData\Roaming\QIP
2012-08-25 16:09:38 ----D---- C:\Users\Pavel\AppData\Roaming\Macromedia
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfi005.dat
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfh005.dat
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfd005.dat
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfc005.dat
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\cs
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\XPSViewer
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2012-08-25 12:53:48 ----D---- C:\Windows\cs-CZ
2012-08-25 12:53:46 ----D---- C:\Windows\system32\cs
2012-08-25 12:53:35 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-08-24 17:48:35 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2012-08-24 15:12:03 ----D---- C:\Windows\SYSWOW64\Wat
2012-08-24 15:12:03 ----D---- C:\Windows\system32\Wat
2012-08-24 12:26:12 ----A---- C:\Windows\system32\browserchoice.exe
2012-08-24 12:19:09 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-08-24 12:19:09 ----A---- C:\Windows\system32\imagehlp.dll
2012-08-24 12:19:09 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-08-24 12:19:08 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-08-24 12:19:08 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-08-24 12:19:08 ----A---- C:\Windows\system32\wmi.dll
2012-08-24 12:19:08 ----A---- C:\Windows\system32\wintrust.dll
2012-08-24 12:12:56 ----A---- C:\Windows\system32\MRT.exe
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbctrac.dll
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbccu32.dll
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbccr32.dll
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbccp32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2012-08-24 11:37:37 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-08-24 11:37:37 ----A---- C:\Windows\system32\DWrite.dll
2012-08-24 11:37:29 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2012-08-24 11:37:29 ----A---- C:\Windows\system32\poqexec.exe
2012-08-24 11:37:28 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-08-24 11:37:28 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-08-24 11:37:28 ----A---- C:\Windows\system32\quartz.dll
2012-08-24 11:37:27 ----A---- C:\Windows\system32\qdvd.dll
2012-08-24 11:37:27 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2012-08-24 11:37:27 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2012-08-24 11:37:27 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2012-08-24 11:37:24 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-08-24 11:37:24 ----A---- C:\Windows\system32\webio.dll
2012-08-24 11:37:22 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-08-24 11:37:22 ----A---- C:\Windows\system32\msxml6.dll
2012-08-24 11:37:22 ----A---- C:\Windows\system32\msxml3.dll
2012-08-24 11:37:21 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-08-24 11:37:21 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-08-24 11:37:21 ----A---- C:\Windows\system32\msxml3r.dll
2012-08-24 11:37:20 ----A---- C:\Windows\system32\csrsrv.dll
2012-08-24 11:37:14 ----A---- C:\Windows\system32\shell32.dll
2012-08-24 11:37:12 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-08-24 11:37:11 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-08-24 11:37:11 ----A---- C:\Windows\system32\rdpwsx.dll
2012-08-24 11:37:11 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-08-24 11:37:10 ----A---- C:\Windows\system32\schannel.dll
2012-08-24 11:37:10 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-08-24 11:37:10 ----A---- C:\Windows\system32\drivers\cng.sys
2012-08-24 11:37:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-08-24 11:37:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\sspicli.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\ncrypt.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\lsass.exe
2012-08-24 11:37:09 ----A---- C:\Windows\system32\lsasrv.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-08-24 11:37:08 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-08-24 11:37:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-08-24 11:37:08 ----A---- C:\Windows\system32\sspisrv.dll
2012-08-24 11:37:08 ----A---- C:\Windows\system32\secur32.dll
2012-08-24 11:37:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-08-24 11:37:00 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-08-24 11:37:00 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-08-24 11:35:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2012-08-24 11:35:56 ----A---- C:\Windows\system32\drivers\srv2.sys
2012-08-24 11:35:56 ----A---- C:\Windows\system32\drivers\srv.sys
2012-08-24 11:35:54 ----A---- C:\Windows\system32\psisdecd.dll
2012-08-24 11:35:53 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2012-08-24 11:35:52 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-08-24 11:35:51 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-08-24 11:35:51 ----A---- C:\Windows\system32\drivers\afd.sys
2012-08-24 11:35:47 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-08-24 11:35:47 ----A---- C:\Windows\system32\cryptsvc.dll
2012-08-24 11:35:47 ----A---- C:\Windows\system32\cryptnet.dll
2012-08-24 11:35:47 ----A---- C:\Windows\system32\crypt32.dll
2012-08-24 11:35:46 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-08-24 11:35:46 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-08-24 11:35:40 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-24 11:35:40 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-24 11:35:40 ----A---- C:\Windows\system32\netapi32.dll
2012-08-24 11:35:40 ----A---- C:\Windows\system32\browser.dll
2012-08-24 11:35:40 ----A---- C:\Windows\system32\browcli.dll
2012-08-24 11:35:36 ----A---- C:\Windows\system32\KernelBase.dll
2012-08-24 11:35:36 ----A---- C:\Windows\system32\kernel32.dll
2012-08-24 11:35:35 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-08-24 11:35:35 ----A---- C:\Windows\system32\wow64win.dll
2012-08-24 11:35:35 ----A---- C:\Windows\system32\winsrv.dll
2012-08-24 11:35:35 ----A---- C:\Windows\system32\conhost.exe
2012-08-24 11:35:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-24 11:35:34 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-24 11:35:34 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-08-24 11:35:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-08-24 11:35:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-08-24 11:35:34 ----A---- C:\Windows\system32\wow64.dll
2012-08-24 11:35:34 ----A---- C:\Windows\system32\ntvdm64.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-24 11:35:33 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-08-24 11:35:33 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-08-24 11:35:33 ----A---- C:\Windows\system32\wow64cpu.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-24 11:35:31 ----A---- C:\Windows\SYSWOW64\user.exe
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\devobj.dll
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2012-08-24 11:35:28 ----A---- C:\Windows\system32\umpnpmgr.dll
2012-08-24 11:35:16 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2012-08-24 11:35:16 ----A---- C:\Windows\system32\inetcomm.dll
2012-08-24 11:35:15 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-08-24 11:35:15 ----A---- C:\Windows\system32\msvcrt.dll
2012-08-24 11:35:12 ----A---- C:\Windows\system32\win32k.sys
2012-08-24 11:35:11 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2012-08-24 11:35:11 ----A---- C:\Windows\system32\oleacc.dll
2012-08-24 11:35:11 ----A---- C:\Windows\system32\localspl.dll
2012-08-24 11:35:10 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2012-08-24 11:35:10 ----A---- C:\Windows\system32\oleaut32.dll
2012-08-24 11:35:09 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2012-08-24 11:35:09 ----A---- C:\Windows\system32\EncDec.dll
2012-08-24 11:35:03 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-08-24 11:35:03 ----A---- C:\Windows\system32\tzres.dll
2012-08-24 11:34:52 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-08-24 11:34:51 ----A---- C:\Windows\system32\cdosys.dll
2012-08-24 11:34:49 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-08-24 11:34:49 ----A---- C:\Windows\system32\ntdll.dll
2012-08-24 11:34:48 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-08-24 11:34:48 ----A---- C:\Windows\system32\packager.dll
2012-08-24 11:16:58 ----D---- C:\Windows\Minidump
2012-08-24 05:48:38 ----A---- C:\Windows\AsToolCDVer.txt
2012-08-24 05:48:38 ----A---- C:\Windows\AsRunBar.txt
2012-08-24 05:48:12 ----D---- C:\eSupport
2012-08-24 05:46:39 ----D---- C:\WIMAPPLY
2012-08-24 05:26:52 ----A---- C:\devlist.txt
2012-08-24 05:18:48 ----A---- C:\Windows\AsChkDev.txt
2012-08-24 05:14:52 ----A---- C:\Windows\SYSWOW64\msxml3a.dll
2012-08-24 05:14:52 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2012-08-24 05:14:52 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2012-08-24 05:11:00 ----D---- C:\Program Files (x86)\CyberLink
2012-08-24 05:10:59 ----D---- C:\ProgramData\Temp
2012-08-24 05:10:59 ----D---- C:\ProgramData\CyberLink
2012-08-24 05:10:07 ----HD---- C:\ExpressGateUtil
2012-08-24 05:08:57 ----D---- C:\Program Files\ASUS
2012-08-24 05:08:57 ----A---- C:\Windows\system32\ServiceFilter.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\RemoveFont.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\FBAgent.exe
2012-08-24 05:08:57 ----A---- C:\Windows\system32\FastBoot.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\Defrag.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\BootTime.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\AutoRunFilter.ini
2012-08-24 05:08:46 ----D---- C:\Windows\SYSWOW64\ASUS_Screensaver dir
2012-08-24 05:08:46 ----A---- C:\Windows\SYSWOW64\ASUS_Screensaver.scr
2012-08-24 05:08:44 ----A---- C:\Windows\AsScrPro.exe
2012-08-24 05:08:43 ----A---- C:\Windows\SYSWOW64\ACEngSvr.exe
2012-08-24 05:08:36 ----D---- C:\ProgramData\P4G
2012-08-24 05:08:36 ----D---- C:\Program Files\P4G
2012-08-24 05:06:27 ----D---- C:\Program Files (x86)\Bluetooth Suite
2012-08-24 05:05:20 ----D---- C:\Program Files (x86)\Atheros
2012-08-24 05:05:20 ----A---- C:\Windows\system32\athrx.sys
2012-08-24 05:05:14 ----D---- C:\ProgramData\Atheros
2012-08-24 05:03:50 ----A---- C:\Windows\system32\RTNUninst64.dll
2012-08-24 05:03:50 ----A---- C:\Windows\system32\RtNicProp64.dll
2012-08-24 05:03:50 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2012-08-24 05:03:07 ----D---- C:\ProgramData\SonicFocus
2012-08-24 05:03:05 ----D---- C:\Windows\SYSWOW64\RTCOM
2012-08-24 05:03:05 ----D---- C:\Program Files\Realtek
2012-08-24 05:02:59 ----N---- C:\Windows\system32\drivers\SamSfPa.dat
2012-08-24 05:02:58 ----A---- C:\Windows\system32\WavesGUILib.dll
2012-08-24 05:02:57 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSWOW64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSTSX64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSTSH64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSHP64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFSAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFProc64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFNHK64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFHAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFDAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFComm64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFCOM64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtPgEx64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtkCfg64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtkAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtkApi64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEEP64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEEL64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEEG64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEED64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTCOM64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RP3DHT64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RP3DAA64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RCoRes64.dat
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RCoInst64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2012-08-24 05:02:56 ----N---- C:\Windows\RtlExUpd.dll
2012-08-24 05:02:56 ----HD---- C:\Program Files (x86)\Temp
2012-08-24 05:02:56 ----D---- C:\Program Files (x86)\Realtek
2012-08-24 05:02:56 ----A---- C:\Windows\system32\FMAPO64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\AERTAR64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\AERTAC64.dll
2012-08-24 05:02:36 ----D---- C:\ProgramData\AmUStor
2012-08-24 05:02:36 ----D---- C:\Program Files (x86)\AmIcoSingLun
2012-08-24 05:02:31 ----D---- C:\Program Files\Elantech
2012-08-24 05:01:40 ----A---- C:\Windows\AsPatch10430001.exe
2012-08-24 05:01:35 ----D---- C:\Program Files\Fresco Logic Inc
2012-08-24 05:00:43 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2012-08-24 05:00:41 ----A---- C:\Windows\SYSWOW64\log.txt
2012-08-24 05:00:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-24 05:00:37 ----A---- C:\Windows\system32\drivers\HECIx64.sys
2012-08-24 05:00:31 ----D---- C:\Windows\SYSWOW64\NV
2012-08-24 05:00:31 ----D---- C:\Windows\system32\NV
2012-08-24 04:59:43 ----D---- C:\ProgramData\NVIDIA
2012-08-24 04:59:04 ----D---- C:\ProgramData\NVIDIA Corporation
2012-08-24 04:59:02 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvoptimusmft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\OpenCL.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvumdshimx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvoptimusmft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvoglv64.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvinitx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvgenco642040.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvdispco642090.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvdecodemft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2012-08-24 04:58:54 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcuvid.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcuda.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcompiler.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvapi64.dll
2012-08-24 04:58:12 ----D---- C:\Program Files\NVIDIA Corporation
2012-08-24 04:58:11 ----D---- C:\NvidiaLogs
2012-08-24 04:57:15 ----D---- C:\ProgramData\Intel
2012-08-24 04:56:08 ----D---- C:\Program Files\Common Files\Intel
2012-08-24 04:54:20 ----D---- C:\Program Files (x86)\Intel
2012-08-24 04:54:20 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2012-08-24 04:54:16 ----D---- C:\Intel
2012-08-24 04:52:49 ----D---- C:\Windows\SoftwareDistribution
2012-08-24 04:49:03 ----ASH---- C:\hiberfil.sys
2012-08-24 04:49:02 ----SHD---- C:\System Volume Information
2012-08-24 04:49:02 ----ASH---- C:\pagefile.sys
2012-08-23 22:58:32 ----D---- C:\Users\Pavel\AppData\Roaming\WinRAR
2012-08-23 22:58:26 ----D---- C:\Program Files\WinRAR
2012-08-23 22:57:41 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-08-23 22:57:41 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-08-23 22:57:05 ----D---- C:\Program Files (x86)\Winamp Detect
2012-08-23 22:56:52 ----D---- C:\Users\Pavel\AppData\Roaming\Winamp
2012-08-23 22:56:52 ----D---- C:\Program Files (x86)\Winamp
2012-08-23 22:55:24 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2012-08-23 22:54:07 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2012-08-23 22:54:01 ----RD---- C:\Program Files (x86)\Skype
2012-08-23 22:53:59 ----D---- C:\ProgramData\Skype
2012-08-23 21:47:02 ----N---- C:\Windows\system32\MpSigStub.exe
2012-08-23 21:46:34 ----D---- C:\Users\Pavel\AppData\Roaming\.purple
2012-08-23 21:46:06 ----D---- C:\Program Files (x86)\Pidgin
2012-08-23 21:44:43 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-08-23 21:44:40 ----D---- C:\Users\Pavel\AppData\Roaming\DAEMON Tools Pro
2012-08-23 21:44:38 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2012-08-23 21:43:59 ----D---- C:\ProgramData\DAEMON Tools Pro
2012-08-23 21:42:45 ----D---- C:\Program Files\7-Zip
2012-08-23 21:36:29 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-08-23 21:36:28 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-08-23 21:36:26 ----D---- C:\Program Files\Microsoft Security Client
2012-08-23 21:34:15 ----D---- C:\Users\Pavel\AppData\Roaming\Adobe
2012-08-23 20:49:32 ----A---- C:\Windows\system32\drivers\athrx.sys
2012-08-23 20:49:11 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-08-23 20:49:11 ----A---- C:\Windows\system32\rdpcore.dll
2012-08-23 20:49:11 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-08-23 20:41:44 ----A---- C:\Windows\system32\wups2.dll
2012-08-23 20:41:44 ----A---- C:\Windows\system32\wuauclt.exe
2012-08-23 20:41:43 ----A---- C:\Windows\system32\wucltux.dll
2012-08-23 20:41:43 ----A---- C:\Windows\system32\wuaueng.dll
2012-08-23 20:41:24 ----A---- C:\Windows\system32\wups.dll
2012-08-23 20:41:24 ----A---- C:\Windows\system32\wudriver.dll
2012-08-23 20:41:24 ----A---- C:\Windows\system32\wuapi.dll
2012-08-23 20:41:20 ----A---- C:\Windows\system32\wuwebv.dll
2012-08-23 20:41:20 ----A---- C:\Windows\system32\wuapp.exe
2012-08-23 20:39:36 ----D---- C:\Users\Pavel\AppData\Roaming\ASUS WebStorage
2012-08-23 20:36:52 ----D---- C:\Users\Pavel\AppData\Roaming\Identities
2012-08-23 20:36:47 ----D---- C:\Users\Pavel\AppData\Roaming\Google
2012-08-23 20:36:39 ----A---- C:\Windows\system32\acovcnt.exe
2012-08-23 20:36:37 ----D---- C:\ProgramData\FolderView
2012-08-23 20:36:36 ----HD---- C:\ASUS.DAT
2012-08-23 20:36:33 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2012-08-23 20:36:33 ----D---- C:\Users\Pavel\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 3 months======

2012-09-29 15:07:50 ----D---- C:\Program Files\Trend Micro
2012-09-29 15:07:24 ----SHD---- C:\Windows\Installer
2012-09-29 15:07:10 ----D---- C:\Windows\Temp
2012-09-29 15:06:42 ----D---- C:\Windows\SysWOW64
2012-09-29 15:05:25 ----D---- C:\Windows\system32\config
2012-09-29 15:05:03 ----D---- C:\Windows\Prefetch
2012-09-29 15:04:35 ----D---- C:\Windows\system32\Tasks
2012-09-29 15:04:16 ----D---- C:\Windows\system32\drivers
2012-09-29 15:02:31 ----RD---- C:\Program Files (x86)
2012-09-29 15:02:31 ----HD---- C:\ProgramData
2012-09-29 15:02:31 ----D---- C:\Windows\Tasks
2012-09-29 15:02:31 ----D---- C:\Windows
2012-09-26 03:00:29 ----D---- C:\Windows\winsxs
2012-09-26 03:00:27 ----AD---- C:\Windows\System32
2012-09-26 00:30:48 ----D---- C:\Windows\system32\catroot
2012-09-23 03:19:38 ----D---- C:\Windows\system32\wdi
2012-09-23 03:16:41 ----D---- C:\Windows\SYSWOW64\migration
2012-09-23 03:16:41 ----D---- C:\Windows\system32\migration
2012-09-23 03:16:41 ----D---- C:\Program Files\Internet Explorer
2012-09-23 03:16:41 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-23 03:01:15 ----D---- C:\Windows\system32\catroot2
2012-09-21 14:47:27 ----RSD---- C:\Windows\Fonts
2012-09-20 10:40:53 ----D---- C:\Program Files\Common Files
2012-09-20 10:40:52 ----D---- C:\Program Files (x86)\Common Files
2012-09-18 16:11:16 ----RSD---- C:\Windows\assembly
2012-09-18 15:43:36 ----RD---- C:\Program Files
2012-09-18 15:38:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-09-17 17:25:01 ----D---- C:\Windows\inf
2012-09-17 17:25:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-13 11:41:07 ----D---- C:\Windows\system32\DriverStore
2012-09-12 18:59:44 ----D---- C:\ProgramData\Nuance
2012-09-03 16:27:53 ----D---- C:\Windows\Microsoft.NET
2012-09-01 22:35:51 ----D---- C:\Windows\SYSWOW64\en-US
2012-09-01 22:35:51 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-09-01 22:35:51 ----D---- C:\Windows\system32\en-US
2012-09-01 22:35:51 ----D---- C:\Windows\system32\cs-CZ
2012-09-01 22:35:51 ----D---- C:\Windows\AppPatch
2012-09-01 18:19:22 ----A---- C:\Windows\win.ini
2012-09-01 18:15:33 ----D---- C:\Program Files\Common Files\System
2012-09-01 11:07:06 ----D---- C:\Windows\ShellNew
2012-09-01 11:06:18 ----D---- C:\Program Files (x86)\MSBuild
2012-09-01 11:06:04 ----SD---- C:\ProgramData\Microsoft
2012-08-25 12:53:59 ----D---- C:\Program Files\Windows Sidebar
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Media Player
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Mail
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Defender
2012-08-25 12:53:58 ----D---- C:\Windows\servicing
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Photo Viewer
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Media Player
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Mail
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Journal
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Defender
2012-08-25 12:53:58 ----D---- C:\Program Files\DVD Maker
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\winrm
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\slmgr
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\migwiz
2012-08-25 12:53:56 ----D---- C:\Windows\ehome
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\WCN
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\wbem
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\MUI
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\DriverStore
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\drivers
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\Dism
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\com
2012-08-25 12:53:48 ----D---- C:\Windows\IME
2012-08-25 12:53:47 ----D---- C:\Windows\system32\winrm
2012-08-25 12:53:47 ----D---- C:\Windows\system32\sysprep
2012-08-25 12:53:47 ----D---- C:\Windows\system32\oobe
2012-08-25 12:53:47 ----D---- C:\Windows\system32\migwiz
2012-08-25 12:53:47 ----D---- C:\Windows\PolicyDefinitions
2012-08-25 12:53:46 ----D---- C:\Windows\system32\slmgr
2012-08-25 12:53:46 ----D---- C:\Windows\system32\Boot
2012-08-25 12:53:35 ----D---- C:\Windows\system32\WCN
2012-08-25 12:53:35 ----D---- C:\Windows\system32\MUI
2012-08-25 12:53:35 ----D---- C:\Windows\system32\drivers\UMDF
2012-08-25 12:53:35 ----D---- C:\Windows\system32\Dism
2012-08-25 12:53:33 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2012-08-25 12:53:32 ----D---- C:\Windows\system32\wbem
2012-08-25 12:53:32 ----D---- C:\Windows\system32\com
2012-08-25 11:26:02 ----D---- C:\Windows\rescache
2012-08-25 01:24:24 ----D---- C:\Windows\SYSWOW64\sysprep
2012-08-25 01:24:24 ----D---- C:\Windows\SYSWOW64\es-ES
2012-08-25 01:24:24 ----D---- C:\Windows\SYSWOW64\drivers\UMDF
2012-08-25 01:24:11 ----D---- C:\Windows\system32\es-ES
2012-08-25 01:24:06 ----D---- C:\Windows\es-ES
2012-08-25 01:23:53 ----D---- C:\Windows\SYSWOW64\ru-RU
2012-08-25 01:23:44 ----D---- C:\Windows\system32\ru-RU
2012-08-25 01:23:28 ----D---- C:\Windows\pt-PT
2012-08-25 01:23:27 ----D---- C:\Windows\SYSWOW64\pt-PT
2012-08-25 01:23:20 ----D---- C:\Windows\system32\pt-PT
2012-08-25 01:22:56 ----D---- C:\Windows\it-IT
2012-08-25 01:22:54 ----D---- C:\Windows\SYSWOW64\oobe
2012-08-25 01:22:54 ----D---- C:\Windows\SYSWOW64\it-IT
2012-08-25 01:22:46 ----D---- C:\Windows\SYSWOW64\Setup
2012-08-25 01:22:44 ----D---- C:\Windows\system32\it-IT
2012-08-25 01:22:36 ----D---- C:\Windows\system32\Setup
2012-08-25 01:22:15 ----D---- C:\Windows\SYSWOW64\zh-TW
2012-08-25 01:22:07 ----D---- C:\Windows\zh-TW
2012-08-25 01:22:06 ----D---- C:\Windows\system32\zh-TW
2012-08-25 01:22:06 ----D---- C:\Windows\Globalization
2012-08-24 21:08:45 ----D---- C:\Windows\SYSWOW64\he-IL
2012-08-24 21:08:38 ----D---- C:\Windows\system32\he-IL
2012-08-24 21:06:37 ----D---- C:\Windows\SYSWOW64\el-GR
2012-08-24 21:06:30 ----D---- C:\Windows\system32\el-GR
2012-08-24 21:04:17 ----D---- C:\Windows\SYSWOW64\de-DE
2012-08-24 21:04:17 ----D---- C:\Windows\de-DE
2012-08-24 21:04:10 ----D---- C:\Windows\system32\de-DE
2012-08-24 21:01:54 ----D---- C:\Windows\fr-FR
2012-08-24 21:01:53 ----D---- C:\Windows\SYSWOW64\fr-FR
2012-08-24 21:01:46 ----D---- C:\Windows\system32\fr-FR
2012-08-24 21:00:00 ----D---- C:\Windows\SYSWOW64\nl-NL
2012-08-24 21:00:00 ----D---- C:\Windows\nl-NL
2012-08-24 20:59:59 ----D---- C:\Windows\system32\nl-NL
2012-08-24 20:57:54 ----D---- C:\Windows\SYSWOW64\ar-SA
2012-08-24 20:57:44 ----D---- C:\Windows\system32\ar-SA
2012-08-24 20:54:54 ----D---- C:\Windows\Logs
2012-08-24 15:13:23 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-08-24 12:12:57 ----D---- C:\Windows\debug
2012-08-24 05:48:18 ----D---- C:\Windows\ASUS
2012-08-24 05:26:48 ----D---- C:\Windows\Log
2012-08-24 04:59:34 ----D---- C:\Windows\Help
2012-08-23 20:58:21 ----D---- C:\Windows\system32\LogFiles
2012-08-23 20:50:39 ----D---- C:\ProgramData\Partner
2012-08-23 20:50:39 ----D---- C:\Program Files\Google
2012-08-23 20:50:39 ----D---- C:\Program Files (x86)\Google
2012-08-23 20:49:22 ----D---- C:\Program Files (x86)\ASUS
2012-08-23 20:41:29 ----D---- C:\Program Files (x86)\Microsoft
2012-08-23 20:40:06 ----D---- C:\Windows\system32\restore
2012-08-23 20:39:37 ----D---- C:\ProgramData\ChangeFolderView
2012-08-23 20:38:30 ----D---- C:\ProgramData\Trend Micro
2012-08-23 20:36:50 ----SHD---- C:\$Recycle.Bin
2012-08-23 20:36:33 ----RD---- C:\Users
2012-08-23 20:35:28 ----SHD---- C:\Recovery
2012-08-23 20:35:28 ----D---- C:\Windows\system32\Recovery
2012-08-23 14:26:59 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-03-08 25960]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-23 283200]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2010-09-17 105552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2010-09-17 90704]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2010-09-17 144464]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-07 2770944]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-05-24 12259712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-03-22 2815976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2010-03-02 2103336]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-01-25 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-03-06 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
R2 TiMiniService;TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 VideAceWindowsService;VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [2010-08-21 77312]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/08/23 20:15:54; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-13 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-09-17 267480]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Re: Malicious programs

Posted: 29 Sep 2012 17:03
by Rudy
OTM did not delete anything. Try it once more and turn off the antivirus before the scan. During deletion, the progress must be shown in the right-hand pane of OTM.

Re: Malicious programs

Posted: 29 Sep 2012 18:04
by xPajas
All processes killed
========== FILES ==========
File/Folder C:\Program Files (x86)\BitTorrentControl_v12 not found.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2563066766-1230321987-857231328-1001Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2563066766-1230321987-857231328-1001UA.job moved successfully.
C:\ProgramData\Ask\APN-Stub\PTV\Local folder moved successfully.
C:\ProgramData\Ask\APN-Stub\PTV folder moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Windows\unvise32.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pavel
->Temp folder emptied: 7403367273 bytes
->Temporary Internet Files folder emptied: 8347686 bytes
->Java cache emptied: 779270 bytes
->FireFox cache emptied: 19892340 bytes
->Google Chrome cache emptied: 257942508 bytes
->Flash cache emptied: 1393 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 282141944 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,603.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pavel
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 09292012_150230

Files moved on Reboot...
C:\Users\Pavel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Some things were moved, some were not found.

Re: Malicious programs

Posted: 29 Sep 2012 18:15
by Rudy
OK. Double-click the file C:\Program Files\trend micro\Pavel.exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left for:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.

Re: Malicious programs

Posted: 29 Sep 2012 18:31
by xPajas
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2012-09-29 19:30:32
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 95 GB (50%) free of 191 GB
Total RAM: 8097 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:30:36, on 29.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2563066766-1230321987-857231328-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2563066766-1230321987-857231328-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: CyberLink Product - 2012/08/23 20:15:54 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14738 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
taskeng.exe {D9F80B56-0374-4305-B675-77EFA4BA5585}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files\Trend Micro\Titanium\TiMiniService.exe"
C:\ExpressGateUtil\VAWinService.exe
"C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe"
\??\C:\Windows\system32\conhost.exe "1758340769-1656080537-1709581901-320007517-323961387-1614765743-873781707-1382606471
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2512
"taskhost.exe"
taskeng.exe {E15FBCF7-4ED8-4F8C-9721-D8205D5CE0E9}
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey FB38178F-25F4-FF6C-2A05-292700AAA9E5 -Reinvoke
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\P4G\BatteryLife.exe"
taskeng.exe {11D75466-9E9D-4C02-AA68-6E936C27932C}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows\AsScrPro.exe"
"C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
"C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\ExpressGateUtil\VAWinAgent.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"
ATKOSD.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 540 544 552 65536 548
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6544.1.1406766244\865901110" --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2405 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/NewScoring/OmniboxSearchSuggest/8/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="6544.2.1138420922\1536743137" /prefetch:3
"C:\Program Files (x86)\Pidgin\pidgin.exe"
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/NewScoring/OmniboxSearchSuggest/8/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="6544.3.402008553\1345037202" /prefetch:3
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\Pavel\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\0habdb41.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ZEON/PDF,version=2.0]
"Description"=
"Path"=C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\0habdb41.default\extensions\
{7473b6bd-4691-4744-a82b-7854eb3d70b6}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17 235344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17 264528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17 185680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
uTorrentControl_v2 Toolbar - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-18 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17 234832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-18 157672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"=C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [2010-10-08 1123664]
"Trend Micro Client Framework"=C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [2010-10-12 192520]
"Trend Micro Titanium"=C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [2010-09-17 322384]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-01 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-01 391960]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-01 419096]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 649608]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-08-11 324096]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-03-13 617120]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-03-13 379552]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-04-26 3111744]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 116648]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2012-08-24 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-18 11785832]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-13 2018032]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]
"FLxHCIm"=C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-02-25 40448]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [2010-07-10 984400]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]
"VAWinAgent"=C:\ExpressGateUtil\VAWinAgent.exe [2010-08-13 21504]
"RemoteControl10"=C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2010-11-12 75048]
"UpdatePSTShortCut"=C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [2010-11-25 222504]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-05-24 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

Re: Malicious programs

Posted: 29 Sep 2012 18:33
by xPajas
======List of files/folders created in the last 3 months======

2012-09-29 19:30:32 ----D---- C:\rsit
2012-09-29 19:21:49 ----D---- C:\Program Files\CCleaner
2012-09-29 15:06:54 ----SHD---- C:\Config.Msi
2012-09-26 00:30:54 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-09-25 14:16:48 ----D---- C:\Program Files (x86)\Otočná mapka
2012-09-25 00:10:57 ----D---- C:\Program Files (x86)\uTorrentControl_v2
2012-09-25 00:10:48 ----D---- C:\Program Files (x86)\uTorrent
2012-09-25 00:10:11 ----D---- C:\Users\Pavel\AppData\Roaming\uTorrent
2012-09-24 21:15:33 ----D---- C:\Program Files (x86)\trend micro
2012-09-24 20:11:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-23 03:00:46 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-23 03:00:46 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-23 03:00:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-09-23 03:00:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-23 03:00:45 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-23 03:00:45 ----A---- C:\Windows\system32\ieui.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-23 03:00:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-09-23 03:00:44 ----A---- C:\Windows\system32\urlmon.dll
2012-09-23 03:00:44 ----A---- C:\Windows\system32\url.dll
2012-09-23 03:00:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-23 03:00:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-23 03:00:43 ----A---- C:\Windows\system32\wininet.dll
2012-09-23 03:00:43 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-23 03:00:43 ----A---- C:\Windows\system32\jscript9.dll
2012-09-23 03:00:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-09-23 03:00:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-09-23 03:00:42 ----A---- C:\Windows\system32\vbscript.dll
2012-09-23 03:00:42 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-23 03:00:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-23 03:00:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-23 03:00:41 ----A---- C:\Windows\system32\jscript.dll
2012-09-23 03:00:41 ----A---- C:\Windows\system32\iertutil.dll
2012-09-23 03:00:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-23 03:00:39 ----A---- C:\Windows\system32\mshtml.dll
2012-09-23 03:00:35 ----A---- C:\Windows\system32\ieframe.dll
2012-09-23 03:00:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-20 10:40:53 ----D---- C:\Program Files\Common Files\Wolfram Research
2012-09-18 18:19:57 ----D---- C:\Program Files (x86)\PANDORA.TV
2012-09-18 18:19:45 ----D---- C:\Program Files (x86)\The KMPlayer
2012-09-18 16:20:41 ----D---- C:\Users\Pavel\AppData\Roaming\Subversion
2012-09-18 16:20:28 ----D---- C:\Users\Pavel\AppData\Roaming\MathWorks
2012-09-18 15:43:36 ----D---- C:\Program Files\MATLAB
2012-09-18 11:43:54 ----D---- C:\ProgramData\Sun
2012-09-18 11:43:47 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-09-18 11:43:47 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-09-18 11:43:47 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-09-18 11:43:42 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-09-18 11:43:42 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-09-18 11:43:42 ----A---- C:\Windows\SYSWOW64\java.exe
2012-09-18 11:43:30 ----D---- C:\Program Files (x86)\Java
2012-09-18 08:42:33 ----D---- C:\Program Files (x86)\Adobe
2012-09-18 08:41:15 ----D---- C:\ProgramData\Adobe
2012-09-17 17:32:23 ----D---- C:\Program Files (x86)\Counter-Strike 1.6 V35
2012-09-17 16:56:31 ----D---- C:\Users\Pavel\AppData\Roaming\GarenaPlus
2012-09-17 16:55:09 ----D---- C:\Program Files (x86)\Garena Plus
2012-09-17 16:55:05 ----D---- C:\ProgramData\GarenaMessenger
2012-09-13 22:45:41 ----D---- C:\Users\Pavel\AppData\Roaming\Mathematica
2012-09-13 22:45:04 ----D---- C:\ProgramData\Mathematica
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\mlmodule32.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\ml32i3.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\ml32i2.dll
2012-09-13 22:41:55 ----A---- C:\Windows\SYSWOW64\ml32i1.dll
2012-09-13 22:41:55 ----A---- C:\Windows\system32\mlmodule64.dll
2012-09-13 22:41:55 ----A---- C:\Windows\system32\ml64i3.dll
2012-09-13 22:41:55 ----A---- C:\Windows\system32\ml64i2.dll
2012-09-13 22:40:38 ----D---- C:\Program Files\Wolfram Research
2012-09-13 17:25:35 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2012-09-13 17:25:21 ----D---- C:\Program Files (x86)\BitTorrent
2012-09-12 18:59:46 ----D---- C:\Users\Pavel\AppData\Roaming\FLEXnet
2012-09-12 18:59:44 ----D---- C:\Users\Pavel\AppData\Roaming\Nuance
2012-09-12 18:59:41 ----D---- C:\Users\Pavel\AppData\Roaming\Zeon
2012-09-12 12:08:01 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-12 12:08:00 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-09-12 12:08:00 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 12:08:00 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-12 12:07:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 12:07:59 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-12 12:07:59 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 13:17:17 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-09-10 22:01:24 ----D---- C:\ProgramData\Pinnacle Studio Ultimate
2012-09-10 21:57:48 ----D---- C:\ProgramData\Studio 15
2012-09-10 21:57:48 ----D---- C:\ProgramData\Pinnacle Studio Plus
2012-09-10 21:57:48 ----D---- C:\Program Files (x86)\Pinnacle
2012-09-10 21:56:15 ----D---- C:\ProgramData\Pinnacle
2012-09-03 16:07:26 ----D---- C:\Users\Pavel\AppData\Roaming\TS3Client
2012-09-01 18:20:09 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-09-01 18:11:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-09-01 18:11:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-09-01 18:11:40 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-09-01 18:11:39 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-09-01 18:11:38 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2012-09-01 18:11:37 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-09-01 18:11:32 ----D---- C:\Program Files (x86)\Focus Home Interactive
2012-09-01 11:24:55 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2012-09-01 11:24:55 ----A---- C:\Windows\system32\xmllite.dll
2012-09-01 11:24:54 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-09-01 11:24:54 ----A---- C:\Windows\system32\srcore.dll
2012-09-01 11:24:52 ----A---- C:\Windows\SYSWOW64\explorer.exe
2012-09-01 11:24:52 ----A---- C:\Windows\explorer.exe
2012-09-01 11:24:49 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-09-01 11:24:49 ----A---- C:\Windows\system32\ntshrui.dll
2012-09-01 11:24:48 ----A---- C:\Windows\system32\tquery.dll
2012-09-01 11:24:48 ----A---- C:\Windows\system32\SearchIndexer.exe
2012-09-01 11:24:48 ----A---- C:\Windows\system32\mssrch.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\tquery.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2012-09-01 11:24:47 ----A---- C:\Windows\SYSWOW64\mssph.dll
2012-09-01 11:24:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2012-09-01 11:24:46 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2012-09-01 11:24:46 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2012-09-01 11:24:46 ----A---- C:\Windows\system32\SearchFilterHost.exe
2012-09-01 11:24:46 ----A---- C:\Windows\system32\mssvp.dll
2012-09-01 11:24:46 ----A---- C:\Windows\system32\mssphtb.dll
2012-09-01 11:24:46 ----A---- C:\Windows\system32\mssph.dll
2012-09-01 11:24:45 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2012-09-01 11:24:45 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2012-09-01 11:24:45 ----A---- C:\Windows\system32\msscntrs.dll
2012-09-01 11:24:42 ----A---- C:\Windows\system32\win32spl.dll
2012-09-01 11:24:41 ----A---- C:\Windows\system32\spoolsv.exe
2012-09-01 11:24:40 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-09-01 11:24:40 ----A---- C:\Windows\splwow64.exe
2012-09-01 11:24:39 ----A---- C:\Windows\system32\XpsPrint.dll
2012-09-01 11:24:38 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2012-09-01 11:24:33 ----A---- C:\Windows\system32\profsvc.dll
2012-09-01 11:24:33 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2012-09-01 11:24:32 ----A---- C:\Windows\system32\msi.dll
2012-09-01 11:24:31 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbport.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbohci.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbhub.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbehci.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbd.sys
2012-09-01 11:24:30 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2012-09-01 11:24:27 ----A---- C:\Windows\SYSWOW64\esent.dll
2012-09-01 11:24:27 ----A---- C:\Windows\system32\fsutil.exe
2012-09-01 11:24:27 ----A---- C:\Windows\system32\esent.dll
2012-09-01 11:24:27 ----A---- C:\Windows\system32\drivers\storport.sys
2012-09-01 11:24:27 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-09-01 11:24:26 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\nvstor.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\nvraid.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\amdxata.sys
2012-09-01 11:24:26 ----A---- C:\Windows\system32\drivers\amdsata.sys
2012-09-01 11:18:15 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2012-09-01 11:18:15 ----A---- C:\Windows\system32\prevhost.exe
2012-09-01 11:07:05 ----D---- C:\Program Files\Common Files\DESIGNER
2012-09-01 11:06:27 ----D---- C:\Program Files\Microsoft Synchronization Services
2012-09-01 11:06:04 ----D---- C:\Program Files\Microsoft Sync Framework
2012-09-01 11:06:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-01 11:06:04 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-09-01 11:05:08 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-01 11:04:42 ----D---- C:\Program Files\Microsoft Analysis Services
2012-09-01 11:04:42 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2012-09-01 11:04:33 ----D---- C:\Program Files (x86)\Microsoft Office
2012-09-01 11:04:31 ----D---- C:\Program Files\Microsoft Office
2012-09-01 11:04:30 ----D---- C:\ProgramData\Microsoft Help
2012-09-01 11:04:21 ----RHD---- C:\MSOCache
2012-08-31 19:30:28 ----D---- C:\Users\Pavel\AppData\Roaming\FastStone
2012-08-31 19:28:42 ----D---- C:\Program Files (x86)\FastStone Image Viewer
2012-08-27 23:58:14 ----D---- C:\ProgramData\TamoSoft
2012-08-27 23:57:48 ----D---- C:\Program Files (x86)\CommViewWiFi
2012-08-27 23:57:48 ----A---- C:\Windows\system32\drivers\ts_athwx.sys
2012-08-26 22:56:06 ----D---- C:\Users\Pavel\AppData\Roaming\QIP
2012-08-25 16:09:38 ----D---- C:\Users\Pavel\AppData\Roaming\Macromedia
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfi005.dat
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfh005.dat
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfd005.dat
2012-08-25 12:54:30 ----A---- C:\Windows\system32\perfc005.dat
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\cs
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\XPSViewer
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2012-08-25 12:53:48 ----D---- C:\Windows\cs-CZ
2012-08-25 12:53:46 ----D---- C:\Windows\system32\cs
2012-08-25 12:53:35 ----D---- C:\Windows\system32\drivers\cs-CZ
2012-08-24 17:48:35 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2012-08-24 15:12:03 ----D---- C:\Windows\SYSWOW64\Wat
2012-08-24 15:12:03 ----D---- C:\Windows\system32\Wat
2012-08-24 12:26:12 ----A---- C:\Windows\system32\browserchoice.exe
2012-08-24 12:19:09 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-08-24 12:19:09 ----A---- C:\Windows\system32\imagehlp.dll
2012-08-24 12:19:09 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-08-24 12:19:08 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-08-24 12:19:08 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-08-24 12:19:08 ----A---- C:\Windows\system32\wmi.dll
2012-08-24 12:19:08 ----A---- C:\Windows\system32\wintrust.dll
2012-08-24 12:12:56 ----A---- C:\Windows\system32\MRT.exe
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbctrac.dll
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbccu32.dll
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbccr32.dll
2012-08-24 11:37:41 ----A---- C:\Windows\system32\odbccp32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2012-08-24 11:37:40 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2012-08-24 11:37:37 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-08-24 11:37:37 ----A---- C:\Windows\system32\DWrite.dll
2012-08-24 11:37:29 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2012-08-24 11:37:29 ----A---- C:\Windows\system32\poqexec.exe
2012-08-24 11:37:28 ----A---- C:\Windows\SYSWOW64\quartz.dll
2012-08-24 11:37:28 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-08-24 11:37:28 ----A---- C:\Windows\system32\quartz.dll
2012-08-24 11:37:27 ----A---- C:\Windows\system32\qdvd.dll
2012-08-24 11:37:27 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2012-08-24 11:37:27 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2012-08-24 11:37:27 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2012-08-24 11:37:24 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-08-24 11:37:24 ----A---- C:\Windows\system32\webio.dll
2012-08-24 11:37:22 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-08-24 11:37:22 ----A---- C:\Windows\system32\msxml6.dll
2012-08-24 11:37:22 ----A---- C:\Windows\system32\msxml3.dll
2012-08-24 11:37:21 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-08-24 11:37:21 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-08-24 11:37:21 ----A---- C:\Windows\system32\msxml3r.dll
2012-08-24 11:37:20 ----A---- C:\Windows\system32\csrsrv.dll
2012-08-24 11:37:14 ----A---- C:\Windows\system32\shell32.dll
2012-08-24 11:37:12 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-08-24 11:37:11 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-08-24 11:37:11 ----A---- C:\Windows\system32\rdpwsx.dll
2012-08-24 11:37:11 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-08-24 11:37:10 ----A---- C:\Windows\system32\schannel.dll
2012-08-24 11:37:10 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-08-24 11:37:10 ----A---- C:\Windows\system32\drivers\cng.sys
2012-08-24 11:37:09 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-08-24 11:37:09 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\sspicli.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\ncrypt.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\lsass.exe
2012-08-24 11:37:09 ----A---- C:\Windows\system32\lsasrv.dll
2012-08-24 11:37:09 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-08-24 11:37:08 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-08-24 11:37:08 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-08-24 11:37:08 ----A---- C:\Windows\system32\sspisrv.dll
2012-08-24 11:37:08 ----A---- C:\Windows\system32\secur32.dll
2012-08-24 11:37:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-08-24 11:37:00 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-08-24 11:37:00 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-08-24 11:35:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2012-08-24 11:35:56 ----A---- C:\Windows\system32\drivers\srv2.sys
2012-08-24 11:35:56 ----A---- C:\Windows\system32\drivers\srv.sys
2012-08-24 11:35:54 ----A---- C:\Windows\system32\psisdecd.dll
2012-08-24 11:35:53 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2012-08-24 11:35:52 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-08-24 11:35:51 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-08-24 11:35:51 ----A---- C:\Windows\system32\drivers\afd.sys
2012-08-24 11:35:47 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-08-24 11:35:47 ----A---- C:\Windows\system32\cryptsvc.dll
2012-08-24 11:35:47 ----A---- C:\Windows\system32\cryptnet.dll
2012-08-24 11:35:47 ----A---- C:\Windows\system32\crypt32.dll
2012-08-24 11:35:46 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-08-24 11:35:46 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-08-24 11:35:40 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-24 11:35:40 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-24 11:35:40 ----A---- C:\Windows\system32\netapi32.dll
2012-08-24 11:35:40 ----A---- C:\Windows\system32\browser.dll
2012-08-24 11:35:40 ----A---- C:\Windows\system32\browcli.dll
2012-08-24 11:35:36 ----A---- C:\Windows\system32\KernelBase.dll
2012-08-24 11:35:36 ----A---- C:\Windows\system32\kernel32.dll
2012-08-24 11:35:35 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-08-24 11:35:35 ----A---- C:\Windows\system32\wow64win.dll
2012-08-24 11:35:35 ----A---- C:\Windows\system32\winsrv.dll
2012-08-24 11:35:35 ----A---- C:\Windows\system32\conhost.exe
2012-08-24 11:35:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-24 11:35:34 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-24 11:35:34 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-08-24 11:35:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-08-24 11:35:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-08-24 11:35:34 ----A---- C:\Windows\system32\wow64.dll
2012-08-24 11:35:34 ----A---- C:\Windows\system32\ntvdm64.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-24 11:35:33 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-24 11:35:33 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-08-24 11:35:33 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-08-24 11:35:33 ----A---- C:\Windows\system32\wow64cpu.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-24 11:35:32 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-24 11:35:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-24 11:35:31 ----A---- C:\Windows\SYSWOW64\user.exe
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\devobj.dll
2012-08-24 11:35:28 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2012-08-24 11:35:28 ----A---- C:\Windows\system32\umpnpmgr.dll
2012-08-24 11:35:16 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2012-08-24 11:35:16 ----A---- C:\Windows\system32\inetcomm.dll
2012-08-24 11:35:15 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-08-24 11:35:15 ----A---- C:\Windows\system32\msvcrt.dll
2012-08-24 11:35:12 ----A---- C:\Windows\system32\win32k.sys
2012-08-24 11:35:11 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2012-08-24 11:35:11 ----A---- C:\Windows\system32\oleacc.dll
2012-08-24 11:35:11 ----A---- C:\Windows\system32\localspl.dll
2012-08-24 11:35:10 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2012-08-24 11:35:10 ----A---- C:\Windows\system32\oleaut32.dll
2012-08-24 11:35:09 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2012-08-24 11:35:09 ----A---- C:\Windows\system32\EncDec.dll
2012-08-24 11:35:03 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-08-24 11:35:03 ----A---- C:\Windows\system32\tzres.dll
2012-08-24 11:34:52 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-08-24 11:34:51 ----A---- C:\Windows\system32\cdosys.dll
2012-08-24 11:34:49 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2012-08-24 11:34:49 ----A---- C:\Windows\system32\ntdll.dll
2012-08-24 11:34:48 ----A---- C:\Windows\SYSWOW64\packager.dll
2012-08-24 11:34:48 ----A---- C:\Windows\system32\packager.dll
2012-08-24 11:16:58 ----D---- C:\Windows\Minidump
2012-08-24 05:48:38 ----A---- C:\Windows\AsToolCDVer.txt
2012-08-24 05:48:38 ----A---- C:\Windows\AsRunBar.txt
2012-08-24 05:48:12 ----D---- C:\eSupport
2012-08-24 05:46:39 ----D---- C:\WIMAPPLY
2012-08-24 05:26:52 ----A---- C:\devlist.txt
2012-08-24 05:18:48 ----A---- C:\Windows\AsChkDev.txt
2012-08-24 05:14:52 ----A---- C:\Windows\SYSWOW64\msxml3a.dll
2012-08-24 05:14:52 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2012-08-24 05:14:52 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2012-08-24 05:11:00 ----D---- C:\Program Files (x86)\CyberLink
2012-08-24 05:10:59 ----D---- C:\ProgramData\Temp
2012-08-24 05:10:59 ----D---- C:\ProgramData\CyberLink
2012-08-24 05:10:07 ----HD---- C:\ExpressGateUtil
2012-08-24 05:08:57 ----D---- C:\Program Files\ASUS
2012-08-24 05:08:57 ----A---- C:\Windows\system32\ServiceFilter.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\RemoveFont.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\FBAgent.exe
2012-08-24 05:08:57 ----A---- C:\Windows\system32\FastBoot.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\Defrag.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\BootTime.ini
2012-08-24 05:08:57 ----A---- C:\Windows\system32\AutoRunFilter.ini
2012-08-24 05:08:46 ----D---- C:\Windows\SYSWOW64\ASUS_Screensaver dir
2012-08-24 05:08:46 ----A---- C:\Windows\SYSWOW64\ASUS_Screensaver.scr
2012-08-24 05:08:44 ----A---- C:\Windows\AsScrPro.exe
2012-08-24 05:08:43 ----A---- C:\Windows\SYSWOW64\ACEngSvr.exe
2012-08-24 05:08:36 ----D---- C:\ProgramData\P4G
2012-08-24 05:08:36 ----D---- C:\Program Files\P4G
2012-08-24 05:06:27 ----D---- C:\Program Files (x86)\Bluetooth Suite
2012-08-24 05:05:20 ----D---- C:\Program Files (x86)\Atheros
2012-08-24 05:05:20 ----A---- C:\Windows\system32\athrx.sys
2012-08-24 05:05:14 ----D---- C:\ProgramData\Atheros
2012-08-24 05:03:50 ----A---- C:\Windows\system32\RTNUninst64.dll
2012-08-24 05:03:50 ----A---- C:\Windows\system32\RtNicProp64.dll
2012-08-24 05:03:50 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2012-08-24 05:03:07 ----D---- C:\ProgramData\SonicFocus
2012-08-24 05:03:05 ----D---- C:\Windows\SYSWOW64\RTCOM
2012-08-24 05:03:05 ----D---- C:\Program Files\Realtek
2012-08-24 05:02:59 ----N---- C:\Windows\system32\drivers\SamSfPa.dat
2012-08-24 05:02:58 ----A---- C:\Windows\system32\WavesGUILib.dll
2012-08-24 05:02:57 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSWOW64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSTSX64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSTSH64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SRSHP64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFSAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFProc64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFNHK64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFHAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFDAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFComm64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFCOM64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\SFAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtPgEx64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtkCfg64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtkAPO64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RtkApi64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEEP64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEEL64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEEG64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTEED64A.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RTCOM64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RP3DHT64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RP3DAA64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RCoRes64.dat
2012-08-24 05:02:57 ----A---- C:\Windows\system32\RCoInst64.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2012-08-24 05:02:57 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2012-08-24 05:02:56 ----N---- C:\Windows\RtlExUpd.dll
2012-08-24 05:02:56 ----HD---- C:\Program Files (x86)\Temp
2012-08-24 05:02:56 ----D---- C:\Program Files (x86)\Realtek
2012-08-24 05:02:56 ----A---- C:\Windows\system32\FMAPO64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\AERTAR64.dll
2012-08-24 05:02:56 ----A---- C:\Windows\system32\AERTAC64.dll
2012-08-24 05:02:36 ----D---- C:\ProgramData\AmUStor
2012-08-24 05:02:36 ----D---- C:\Program Files (x86)\AmIcoSingLun
2012-08-24 05:02:31 ----D---- C:\Program Files\Elantech
2012-08-24 05:01:40 ----A---- C:\Windows\AsPatch10430001.exe
2012-08-24 05:01:35 ----D---- C:\Program Files\Fresco Logic Inc
2012-08-24 05:00:43 ----A---- C:\Windows\system32\drivers\IntelMEFWVer.dll
2012-08-24 05:00:41 ----A---- C:\Windows\SYSWOW64\log.txt
2012-08-24 05:00:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-24 05:00:37 ----A---- C:\Windows\system32\drivers\HECIx64.sys
2012-08-24 05:00:31 ----D---- C:\Windows\SYSWOW64\NV
2012-08-24 05:00:31 ----D---- C:\Windows\system32\NV
2012-08-24 04:59:43 ----D---- C:\ProgramData\NVIDIA
2012-08-24 04:59:04 ----D---- C:\ProgramData\NVIDIA Corporation
2012-08-24 04:59:02 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvoptimusmft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvdecodemft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\OpenCL.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvumdshimx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvoptimusmft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvoglv64.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvinitx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvgenco642040.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvdispco642090.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvdecodemft.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-08-24 04:58:54 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2012-08-24 04:58:54 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-08-24 04:58:53 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcuvid.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcuda.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvcompiler.dll
2012-08-24 04:58:53 ----A---- C:\Windows\system32\nvapi64.dll
2012-08-24 04:58:12 ----D---- C:\Program Files\NVIDIA Corporation
2012-08-24 04:58:11 ----D---- C:\NvidiaLogs
2012-08-24 04:57:15 ----D---- C:\ProgramData\Intel
2012-08-24 04:56:08 ----D---- C:\Program Files\Common Files\Intel
2012-08-24 04:54:20 ----D---- C:\Program Files (x86)\Intel
2012-08-24 04:54:20 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2012-08-24 04:54:16 ----D---- C:\Intel
2012-08-24 04:52:49 ----D---- C:\Windows\SoftwareDistribution
2012-08-24 04:49:03 ----ASH---- C:\hiberfil.sys
2012-08-24 04:49:02 ----SHD---- C:\System Volume Information
2012-08-24 04:49:02 ----ASH---- C:\pagefile.sys
2012-08-23 22:58:32 ----D---- C:\Users\Pavel\AppData\Roaming\WinRAR
2012-08-23 22:58:26 ----D---- C:\Program Files\WinRAR
2012-08-23 22:57:41 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-08-23 22:57:41 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-08-23 22:57:05 ----D---- C:\Program Files (x86)\Winamp Detect
2012-08-23 22:56:52 ----D---- C:\Users\Pavel\AppData\Roaming\Winamp
2012-08-23 22:56:52 ----D---- C:\Program Files (x86)\Winamp
2012-08-23 22:55:24 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2012-08-23 22:54:07 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2012-08-23 22:54:01 ----RD---- C:\Program Files (x86)\Skype
2012-08-23 22:53:59 ----D---- C:\ProgramData\Skype
2012-08-23 21:47:02 ----N---- C:\Windows\system32\MpSigStub.exe
2012-08-23 21:46:34 ----D---- C:\Users\Pavel\AppData\Roaming\.purple
2012-08-23 21:46:06 ----D---- C:\Program Files (x86)\Pidgin
2012-08-23 21:44:43 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-08-23 21:44:40 ----D---- C:\Users\Pavel\AppData\Roaming\DAEMON Tools Pro
2012-08-23 21:44:38 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2012-08-23 21:43:59 ----D---- C:\ProgramData\DAEMON Tools Pro
2012-08-23 21:42:45 ----D---- C:\Program Files\7-Zip
2012-08-23 21:36:29 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-08-23 21:36:28 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-08-23 21:36:26 ----D---- C:\Program Files\Microsoft Security Client
2012-08-23 21:34:15 ----D---- C:\Users\Pavel\AppData\Roaming\Adobe
2012-08-23 20:49:32 ----A---- C:\Windows\system32\drivers\athrx.sys
2012-08-23 20:49:11 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-08-23 20:49:11 ----A---- C:\Windows\system32\rdpcore.dll
2012-08-23 20:49:11 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-08-23 20:41:44 ----A---- C:\Windows\system32\wups2.dll
2012-08-23 20:41:44 ----A---- C:\Windows\system32\wuauclt.exe
2012-08-23 20:41:43 ----A---- C:\Windows\system32\wucltux.dll
2012-08-23 20:41:43 ----A---- C:\Windows\system32\wuaueng.dll
2012-08-23 20:41:24 ----A---- C:\Windows\system32\wups.dll
2012-08-23 20:41:24 ----A---- C:\Windows\system32\wudriver.dll
2012-08-23 20:41:24 ----A---- C:\Windows\system32\wuapi.dll
2012-08-23 20:41:20 ----A---- C:\Windows\system32\wuwebv.dll
2012-08-23 20:41:20 ----A---- C:\Windows\system32\wuapp.exe
2012-08-23 20:39:36 ----D---- C:\Users\Pavel\AppData\Roaming\ASUS WebStorage
2012-08-23 20:36:52 ----D---- C:\Users\Pavel\AppData\Roaming\Identities
2012-08-23 20:36:47 ----D---- C:\Users\Pavel\AppData\Roaming\Google
2012-08-23 20:36:39 ----A---- C:\Windows\system32\acovcnt.exe
2012-08-23 20:36:37 ----D---- C:\ProgramData\FolderView
2012-08-23 20:36:36 ----HD---- C:\ASUS.DAT
2012-08-23 20:36:33 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2012-08-23 20:36:33 ----D---- C:\Users\Pavel\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 3 months======

2012-09-29 19:30:36 ----D---- C:\Program Files\Trend Micro
2012-09-29 19:30:09 ----D---- C:\Windows\Temp
2012-09-29 19:28:18 ----D---- C:\Windows\system32\config
2012-09-29 19:28:17 ----D---- C:\Windows\inf
2012-09-29 19:27:35 ----D---- C:\Windows\system32\Tasks
2012-09-29 19:27:15 ----D---- C:\Windows\system32\drivers
2012-09-29 19:27:14 ----D---- C:\Windows
2012-09-29 19:22:54 ----D---- C:\Windows\Panther
2012-09-29 19:22:54 ----D---- C:\Windows\Logs
2012-09-29 19:22:54 ----D---- C:\Windows\debug
2012-09-29 19:21:49 ----RD---- C:\Program Files
2012-09-29 15:07:24 ----SHD---- C:\Windows\Installer
2012-09-29 15:06:42 ----D---- C:\Windows\SysWOW64
2012-09-29 15:05:03 ----D---- C:\Windows\Prefetch
2012-09-29 15:02:31 ----RD---- C:\Program Files (x86)
2012-09-29 15:02:31 ----HD---- C:\ProgramData
2012-09-29 15:02:31 ----D---- C:\Windows\Tasks
2012-09-26 03:00:29 ----D---- C:\Windows\winsxs
2012-09-26 03:00:27 ----AD---- C:\Windows\System32
2012-09-26 00:30:48 ----D---- C:\Windows\system32\catroot
2012-09-23 03:19:38 ----D---- C:\Windows\system32\wdi
2012-09-23 03:16:41 ----D---- C:\Windows\SYSWOW64\migration
2012-09-23 03:16:41 ----D---- C:\Windows\system32\migration
2012-09-23 03:16:41 ----D---- C:\Program Files\Internet Explorer
2012-09-23 03:16:41 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-23 03:01:15 ----D---- C:\Windows\system32\catroot2
2012-09-21 14:47:27 ----RSD---- C:\Windows\Fonts
2012-09-20 10:40:53 ----D---- C:\Program Files\Common Files
2012-09-20 10:40:52 ----D---- C:\Program Files (x86)\Common Files
2012-09-18 16:11:16 ----RSD---- C:\Windows\assembly
2012-09-18 15:38:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-09-17 17:25:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-13 11:41:07 ----D---- C:\Windows\system32\DriverStore
2012-09-12 18:59:44 ----D---- C:\ProgramData\Nuance
2012-09-03 16:27:53 ----D---- C:\Windows\Microsoft.NET
2012-09-01 22:35:51 ----D---- C:\Windows\SYSWOW64\en-US
2012-09-01 22:35:51 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-09-01 22:35:51 ----D---- C:\Windows\system32\en-US
2012-09-01 22:35:51 ----D---- C:\Windows\system32\cs-CZ
2012-09-01 22:35:51 ----D---- C:\Windows\AppPatch
2012-09-01 18:19:22 ----A---- C:\Windows\win.ini
2012-09-01 18:15:33 ----D---- C:\Program Files\Common Files\System
2012-09-01 11:07:06 ----D---- C:\Windows\ShellNew
2012-09-01 11:06:18 ----D---- C:\Program Files (x86)\MSBuild
2012-09-01 11:06:04 ----SD---- C:\ProgramData\Microsoft
2012-08-25 12:53:59 ----D---- C:\Program Files\Windows Sidebar
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Media Player
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Mail
2012-08-25 12:53:59 ----D---- C:\Program Files (x86)\Windows Defender
2012-08-25 12:53:58 ----D---- C:\Windows\servicing
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Photo Viewer
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Media Player
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Mail
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Journal
2012-08-25 12:53:58 ----D---- C:\Program Files\Windows Defender
2012-08-25 12:53:58 ----D---- C:\Program Files\DVD Maker
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\winrm
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\slmgr
2012-08-25 12:53:56 ----D---- C:\Windows\SYSWOW64\migwiz
2012-08-25 12:53:56 ----D---- C:\Windows\ehome
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\WCN
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\wbem
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\MUI
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\DriverStore
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\drivers
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\Dism
2012-08-25 12:53:48 ----D---- C:\Windows\SYSWOW64\com
2012-08-25 12:53:48 ----D---- C:\Windows\IME
2012-08-25 12:53:47 ----D---- C:\Windows\system32\winrm
2012-08-25 12:53:47 ----D---- C:\Windows\system32\sysprep
2012-08-25 12:53:47 ----D---- C:\Windows\system32\oobe
2012-08-25 12:53:47 ----D---- C:\Windows\system32\migwiz
2012-08-25 12:53:47 ----D---- C:\Windows\PolicyDefinitions
2012-08-25 12:53:46 ----D---- C:\Windows\system32\slmgr
2012-08-25 12:53:46 ----D---- C:\Windows\system32\Boot
2012-08-25 12:53:35 ----D---- C:\Windows\system32\WCN
2012-08-25 12:53:35 ----D---- C:\Windows\system32\MUI
2012-08-25 12:53:35 ----D---- C:\Windows\system32\drivers\UMDF
2012-08-25 12:53:35 ----D---- C:\Windows\system32\Dism
2012-08-25 12:53:33 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2012-08-25 12:53:32 ----D---- C:\Windows\system32\wbem
2012-08-25 12:53:32 ----D---- C:\Windows\system32\com
2012-08-25 11:26:02 ----D---- C:\Windows\rescache
2012-08-25 01:24:24 ----D---- C:\Windows\SYSWOW64\sysprep
2012-08-25 01:24:24 ----D---- C:\Windows\SYSWOW64\es-ES
2012-08-25 01:24:24 ----D---- C:\Windows\SYSWOW64\drivers\UMDF
2012-08-25 01:24:11 ----D---- C:\Windows\system32\es-ES
2012-08-25 01:24:06 ----D---- C:\Windows\es-ES
2012-08-25 01:23:53 ----D---- C:\Windows\SYSWOW64\ru-RU
2012-08-25 01:23:44 ----D---- C:\Windows\system32\ru-RU
2012-08-25 01:23:28 ----D---- C:\Windows\pt-PT
2012-08-25 01:23:27 ----D---- C:\Windows\SYSWOW64\pt-PT
2012-08-25 01:23:20 ----D---- C:\Windows\system32\pt-PT
2012-08-25 01:22:56 ----D---- C:\Windows\it-IT
2012-08-25 01:22:54 ----D---- C:\Windows\SYSWOW64\oobe
2012-08-25 01:22:54 ----D---- C:\Windows\SYSWOW64\it-IT
2012-08-25 01:22:46 ----D---- C:\Windows\SYSWOW64\Setup
2012-08-25 01:22:44 ----D---- C:\Windows\system32\it-IT
2012-08-25 01:22:36 ----D---- C:\Windows\system32\Setup
2012-08-25 01:22:15 ----D---- C:\Windows\SYSWOW64\zh-TW
2012-08-25 01:22:07 ----D---- C:\Windows\zh-TW
2012-08-25 01:22:06 ----D---- C:\Windows\system32\zh-TW
2012-08-25 01:22:06 ----D---- C:\Windows\Globalization
2012-08-24 21:08:45 ----D---- C:\Windows\SYSWOW64\he-IL
2012-08-24 21:08:38 ----D---- C:\Windows\system32\he-IL
2012-08-24 21:06:37 ----D---- C:\Windows\SYSWOW64\el-GR
2012-08-24 21:06:30 ----D---- C:\Windows\system32\el-GR
2012-08-24 21:04:17 ----D---- C:\Windows\SYSWOW64\de-DE
2012-08-24 21:04:17 ----D---- C:\Windows\de-DE
2012-08-24 21:04:10 ----D---- C:\Windows\system32\de-DE
2012-08-24 21:01:54 ----D---- C:\Windows\fr-FR
2012-08-24 21:01:53 ----D---- C:\Windows\SYSWOW64\fr-FR
2012-08-24 21:01:46 ----D---- C:\Windows\system32\fr-FR
2012-08-24 21:00:00 ----D---- C:\Windows\SYSWOW64\nl-NL
2012-08-24 21:00:00 ----D---- C:\Windows\nl-NL
2012-08-24 20:59:59 ----D---- C:\Windows\system32\nl-NL
2012-08-24 20:57:54 ----D---- C:\Windows\SYSWOW64\ar-SA
2012-08-24 20:57:44 ----D---- C:\Windows\system32\ar-SA
2012-08-24 15:13:23 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-08-24 05:48:18 ----D---- C:\Windows\ASUS
2012-08-24 05:26:48 ----D---- C:\Windows\Log
2012-08-24 04:59:34 ----D---- C:\Windows\Help
2012-08-23 20:58:21 ----D---- C:\Windows\system32\LogFiles
2012-08-23 20:50:39 ----D---- C:\ProgramData\Partner
2012-08-23 20:50:39 ----D---- C:\Program Files\Google
2012-08-23 20:50:39 ----D---- C:\Program Files (x86)\Google
2012-08-23 20:49:22 ----D---- C:\Program Files (x86)\ASUS
2012-08-23 20:41:29 ----D---- C:\Program Files (x86)\Microsoft
2012-08-23 20:40:06 ----D---- C:\Windows\system32\restore
2012-08-23 20:39:37 ----D---- C:\ProgramData\ChangeFolderView
2012-08-23 20:38:30 ----D---- C:\ProgramData\Trend Micro
2012-08-23 20:36:50 ----SHD---- C:\$Recycle.Bin
2012-08-23 20:36:33 ----RD---- C:\Users
2012-08-23 20:35:28 ----SHD---- C:\Recovery
2012-08-23 20:35:28 ----D---- C:\Windows\system32\Recovery

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-03-08 25960]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-23 283200]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2010-09-17 105552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2010-09-17 90704]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2010-09-17 144464]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-07 2770944]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-05-24 12259712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-03-22 2815976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2010-03-02 2103336]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-01-25 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-03-06 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
R2 TiMiniService;TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 VideAceWindowsService;VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [2010-08-21 77312]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/08/23 20:15:54; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-13 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-09-17 267480]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Re: Malicious programs

Posted: 29 Sep 2012 18:53
by Rudy
Everything deleted, the log now looks OK.

Re: Malicious programs

Posted: 29 Sep 2012 19:01
by xPajas
Thank you, and what about those ASUS utilities? I don't even know what they are for, nor which of them are extra...

Re: Malicious programs

Posted: 29 Sep 2012 19:07
by Rudy
xPajas wrote: Thank you, and what about those ASUS utilities? I don't even know what they are for, nor which of them are extra...
In theory you can uninstall them. If you don't use them, there is nothing to deal with.