VIRY.CZ

Dobrý den, včera jsem svojí neopatrností otevřel soubor který mi přišel od kamaráda a nevšimnul jsem si, že je to soubor exe. Samozřejmně, že to byl červ a usídlil se mi v operační paměti. NOD32 ho po spuštění kontroly identifikoval ale napsal že ho nelze léčit. Vymazal jsem soubory ve skype a vytvořil učet znova, už chodí normálně a neposílá ten spam na všechny účty jak to dělal po nakažení. NOD32 se aktualizoval a červ najednou zmizel a NOD32 už nic nehlásí. Přesto prosím o kontrolu logu. Děkuji.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2012-10-07 19:10:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 37 GB (6%) free of 670 GB
Total RAM: 4010 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:10:37, on 7.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magic.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\Windows\V0690Mon.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: KMP Media Toolbar - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [V0690Mon.exe] C:\windows\V0690Mon.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe" /m
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-453037729-1404361596-3676707868-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-453037729-1404361596-3676707868-1000\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-453037729-1404361596-3676707868-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-453037729-1404361596-3676707868-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Facebook Messenger.lnk = Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O4 - Startup: Magic.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 15752 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 31560224
\??\C:\windows\system32\conhost.exe "1214305691945281299843095273-1019285338-107748171-206523160911666675251960522489
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
C:\windows\SysWOW64\srvany.exe
C:\windows\KMService.exe
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
\??\C:\windows\system32\conhost.exe "865957658-5794488471608577515402086247473317491-1741531553624530632-2025292711
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
"C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe"
"C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magic.exe"
"C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe"
"C:\Windows\V0690Mon.exe"
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 4064
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\SysWOW64\RunDll32.exe "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Realtek\RtLED\RtLEDService.exe"
"C:\Program Files\Realtek\RtLED\RtLED.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe"
taskeng.exe {A1B97BD5-384A-4DF4-891E-834C46135A0B}
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /systemstart
"C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/19/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_39/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3456.0.1033962503\1188214335" /prefetch:3
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3456.1.1515185634\1573483905" --reduce-gpu-sandbox --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2696 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/19/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_39/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --extension-process --renderer-print-preview --channel="3456.2.848314507\1308788911" /prefetch:3
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll" --lang=cs --channel="3456.3.1769190065\324765687" /prefetch:4
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3456.4.1884215060\360234009" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/19/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_39/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --renderer-print-preview --channel="3456.7.926217560\2030830192" /prefetch:3
"C:\Users\Pavel\Downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
C:\windows\tasks\PC SpeedUp Service Deactivator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\1meoimo6.default-1342553091945

prefs.js - "browser.startup.homepage" - "http://www.parabola.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
nsRLCT4Player.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
CrazyTalk4Native.dll
ctdomemhelper.dll
ctframeplayerobject.dll
ctplayerobject.dll
imagickrt.dll
np-mswmp.dll
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
npRLCT4Player.dll
nprpplugin.dll
QuickTimePlugin.class
rlcontentclass.dll
RLMusicPacker.dll
RLMusicUnpacker.dll
RLVoicePacker.dll
RLVoiceUnpacker.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-05-24 545224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-05-24 193480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll [2011-11-15 1050976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-09-30 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-08 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{daf5b34c-1aa3-4c33-ae24-766a370635d2}]
KMP Media Toolbar - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll [2012-03-22 87008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-08 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files (x86)\IObit Toolbar\IE\4.8\iobitToolbarIE.dll [2011-11-15 1050976]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
{daf5b34c-1aa3-4c33-ae24-766a370635d2} - KMP Media Toolbar - C:\Program Files (x86)\kmpmediatoolbar\searchresultsDx.dll [2012-03-22 87008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-12-14 11697768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-22 2538280]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-11-02 1933584]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2011-10-09 114688]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2011-10-09 789920]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-10-09 9769888]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-10-09 5908928]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-03-19 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-03-19 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-03-19 439064]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-09-07 2777296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"=C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [2012-05-28 288128]
"Facebook Update"=C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
"PCSpeedUp"=C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe [2012-07-03 188680]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 136176]
"SmartRAM"=C:\Program Files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe [2012-07-31 428928]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17762440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05 136488]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"RemoteControl"=C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"V0690Mon.exe"=C:\windows\V0690Mon.exe [2010-08-18 28672]
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"IObit Malware Fighter"=C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2012-07-02 4473728]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-09-30 296096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
SRS Premium Sound.lnk - C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
Magic.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-03-19 434688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MaxRecentDocs"=99
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\analyzefile.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ascinit.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ascupgrade.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bluebirdinit.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defsyssettings.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delayload.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hardfileremover.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iobitcommunities.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iobituninstal.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kb915597.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\promote.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\register.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\registrydefragboottime.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\report.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescuecenter.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\startmenu.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suc10_registrycleaner.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suc11_privacysweeper.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suc13_diskcleaner.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sun10_clonedfilesscanner.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sun11_autoshutdown.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sun12_diskexplorer.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sun13_systeminformation.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sun14_emptyfolderscanner.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sun15_systemcontrol.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suo11_internetbooster.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suo12_startupmanager.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suo13_registrydefrag.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suo14_smartdefrag.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suo15_gamebooster.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sur10_undelete.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sur11_shortcutfixer.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sur14_iehelper.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sus10_sysexplorer.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sus11_securityholesscanner.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sus13_drivermanager.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemrestore.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\turboboost.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstallpromote.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgradetip.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wizard.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"msacm.ac3acm"=AC3ACM.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-07 18:30:10 ----D---- C:\Program Files\trend micro
2012-10-07 18:30:08 ----D---- C:\rsit
2012-10-07 13:47:08 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2012-09-26 20:59:50 ----A---- C:\windows\system32\OxpsConverter.exe
2012-09-21 21:27:13 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-09-21 21:27:13 ----A---- C:\windows\system32\mshtmled.dll
2012-09-21 21:27:12 ----A---- C:\windows\SYSWOW64\vbscript.dll
2012-09-21 21:27:12 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2012-09-21 21:27:12 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-09-21 21:27:12 ----A---- C:\windows\system32\ieUnatt.exe
2012-09-21 21:27:12 ----A---- C:\windows\system32\ieui.dll
2012-09-21 21:27:11 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-09-21 21:27:11 ----A---- C:\windows\SYSWOW64\url.dll
2012-09-21 21:27:11 ----A---- C:\windows\system32\url.dll
2012-09-21 21:27:10 ----A---- C:\windows\system32\urlmon.dll
2012-09-21 21:27:10 ----A---- C:\windows\system32\jscript9.dll
2012-09-21 21:27:09 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2012-09-21 21:27:09 ----A---- C:\windows\system32\msfeeds.dll
2012-09-21 21:27:08 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-09-21 21:27:08 ----A---- C:\windows\system32\wininet.dll
2012-09-21 21:27:07 ----A---- C:\windows\SYSWOW64\jscript9.dll
2012-09-21 21:27:07 ----A---- C:\windows\SYSWOW64\jscript.dll
2012-09-21 21:27:07 ----A---- C:\windows\system32\vbscript.dll
2012-09-21 21:27:07 ----A---- C:\windows\system32\jsproxy.dll
2012-09-21 21:27:07 ----A---- C:\windows\system32\jscript.dll
2012-09-21 21:27:06 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-09-21 21:27:06 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-09-21 21:27:06 ----A---- C:\windows\system32\iertutil.dll
2012-09-21 21:27:05 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-09-21 21:27:02 ----A---- C:\windows\system32\mshtml.dll
2012-09-21 21:26:59 ----A---- C:\windows\system32\ieframe.dll
2012-09-21 21:26:57 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-09-16 23:05:29 ----A---- C:\windows\SYSWOW64\shoBBCA.tmp
2012-09-11 19:32:37 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-09-11 19:32:37 ----A---- C:\windows\system32\drivers\netio.sys
2012-09-11 19:32:37 ----A---- C:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 19:32:34 ----A---- C:\windows\SYSWOW64\d3d10level9.dll
2012-09-11 19:32:34 ----A---- C:\windows\system32\drivers\RNDISMP.sys
2012-09-11 19:32:34 ----A---- C:\windows\system32\drivers\ndis.sys
2012-09-11 19:32:34 ----A---- C:\windows\system32\d3d10level9.dll
2012-09-10 18:21:18 ----D---- C:\Program Files (x86)\AviSynth 2.5
2012-09-10 18:14:23 ----D---- C:\Temp
2012-09-08 13:37:17 ----A---- C:\windows\SYSWOW64\javaws.exe
2012-09-08 13:37:07 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-09-08 13:37:07 ----A---- C:\windows\SYSWOW64\javaw.exe
2012-09-08 13:37:07 ----A---- C:\windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2012-10-07 19:10:38 ----D---- C:\windows\Temp
2012-10-07 18:53:51 ----RD---- C:\Program Files (x86)
2012-10-07 18:53:51 ----D---- C:\windows\Prefetch
2012-10-07 18:30:10 ----RD---- C:\Program Files
2012-10-07 18:03:26 ----D---- C:\windows\System32
2012-10-07 18:03:26 ----D---- C:\windows\inf
2012-10-07 18:03:26 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-10-07 14:39:58 ----D---- C:\Windows
2012-10-07 14:30:19 ----D---- C:\windows\system32\config
2012-10-07 14:21:23 ----A---- C:\windows\SYSWOW64\log.txt
2012-10-07 14:18:54 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2012-10-07 10:42:08 ----SHD---- C:\windows\Installer
2012-10-07 04:07:12 ----SHD---- C:\System Volume Information
2012-10-07 00:37:34 ----D---- C:\ProgramData\Spyware Terminator
2012-10-06 12:09:15 ----D---- C:\windows\system32\Tasks
2012-10-03 10:18:00 ----D---- C:\windows\system32\catroot2
2012-09-30 21:16:35 ----D---- C:\Users\Pavel\AppData\Roaming\Media Player Classic
2012-09-30 13:51:50 ----D---- C:\ProgramData\Real
2012-09-30 13:51:50 ----D---- C:\Program Files (x86)\Real
2012-09-30 13:51:47 ----D---- C:\Program Files (x86)\Common Files
2012-09-30 13:51:37 ----D---- C:\windows\SysWOW64
2012-09-30 13:51:37 ----A---- C:\windows\SYSWOW64\rmoc3260.dll
2012-09-30 13:51:30 ----A---- C:\windows\SYSWOW64\pndx5032.dll
2012-09-30 13:51:30 ----A---- C:\windows\SYSWOW64\pndx5016.dll
2012-09-30 13:51:28 ----A---- C:\windows\SYSWOW64\pncrt.dll
2012-09-30 13:51:23 ----A---- C:\windows\SYSWOW64\msvcr71.dll
2012-09-30 13:51:23 ----A---- C:\windows\SYSWOW64\msvcp71.dll
2012-09-30 13:49:35 ----D---- C:\windows\Tasks
2012-09-29 22:11:56 ----D---- C:\Program Files\CCleaner
2012-09-29 00:03:30 ----D---- C:\Users\Pavel\AppData\Roaming\Vso
2012-09-28 23:57:36 ----D---- C:\windows\Minidump
2012-09-27 15:41:59 ----D---- C:\windows\rescache
2012-09-27 12:34:29 ----D---- C:\windows\winsxs
2012-09-26 20:55:21 ----D---- C:\windows\system32\catroot
2012-09-22 14:57:01 ----A---- C:\windows\SubCreator.INI
2012-09-21 21:40:49 ----D---- C:\windows\SYSWOW64\migration
2012-09-21 21:40:49 ----D---- C:\windows\system32\migration
2012-09-21 21:40:49 ----D---- C:\Program Files\Internet Explorer
2012-09-21 21:40:49 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-21 19:29:19 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-09-18 22:12:20 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-09-18 09:28:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-18 02:54:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-14 21:16:12 ----D---- C:\Program Files (x86)\JDownloader
2012-09-12 04:23:18 ----D---- C:\windows\debug
2012-09-11 19:47:02 ----D---- C:\windows\system32\drivers
2012-09-11 19:47:01 ----D---- C:\windows\system32\DriverStore
2012-09-11 19:33:12 ----A---- C:\windows\system32\MRT.exe
2012-09-08 13:57:00 ----D---- C:\ProgramData\DVD Shrink
2012-09-08 13:37:01 ----A---- C:\windows\SYSWOW64\npDeployJava1.dll
2012-09-08 13:37:01 ----A---- C:\windows\SYSWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-10-09 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-10-09 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-10-09 13408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-31 283200]
R1 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\windows\system32\DRIVERS\stflt.sys [2012-03-21 51496]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-09 29792]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 176000]
R3 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-03-19 14745600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-12-14 2677864]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2012-01-22 82816]
R3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-11-30 307304]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\usbvideo.sys [2010-11-21 184960]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-12-22 1407024]
R3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
R3 WinDriver6;WinDriver6; C:\windows\system32\drivers\windrvr6.sys [2010-07-15 254976]
S1 cdrbsdrv;cdrbsdrv; C:\windows\system32\drivers\cdrbsdrv.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2011-02-15 107560]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2011-02-15 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-02-15 21416]
S3 ivusb;Initio Driver for USB Default Controller; C:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 V0690Vid;Creative Live! Cam Socialize HD AF Driver; C:\windows\system32\DRIVERS\V0690Vid.sys [2010-08-12 393952]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-02-15 956192]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-11-02 1515792]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
R2 KMService;KMService; C:\windows\syswow64\srvany.exe [2003-04-18 8192]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-20 325656]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2011-03-06 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
R2 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-07-03 291080]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-11-02 836880]
R2 RtLedService;RtLedService Installer; C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R3 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
S3 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-07 1148664]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Zdravim a pekny vecer preji

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Odinstalujte Advanced SystemCare 5 a IObit Malware Fighter a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

Odinstalujte Zrychleni Pocitace

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Search
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

tady je info.txt ještě před odinstalováním toolbar a těch čínskej šmejdů


info.txt logfile of random's system information tool 1.09 2012-10-07 19:10:39

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->C:\windows\CtDrvIns.exe -uninstall -script VF0690.uns -unsext NTamd64 -plugin V0690Pin.dll -pluginres CtCamPin.crl -langid 0x0415
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{536B5B88-1373-4FA8-BB52-823A46884962}\setup.exe" -l0x15
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x15
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x15
010 Editor 3.0-->"C:\Program Files (x86)\010 Editor v3\unins000.exe"
AC-3 ACM Codec 2.1-->C:\windows\system32\rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\windows\INF\AC3ACM.inf
AC-3 ACM Codec x64 2.1-->C:\windows\system32\rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\windows\INF\AC3ACM64.inf
Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -maintain plugin
Adobe Reader X (10.1.4) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15 /remove
Advanced SystemCare 5-->"C:\Program Files (x86)\IObit\Advanced SystemCare 5\unins000.exe"
AIMP2-->C:\Program Files (x86)\AIMP2\UnInstall.exe
Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
aTube Catcher-->C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe
Automatyczna aktualizacja oprogramowania Creative-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x15 /remove
CAS Studio-->MsiExec.exe /X{B8B81A9B-21F2-4C43-8FB9-4AD2CC994FE0}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2011-11-11-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe"
ConvertXtoDVD 3.0.0.1-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Creative Live! Cam Socialize HD AF (VF0690) (1.00.05.00)-->C:\windows\CtDrvIns.exe -uninstall -script VF0690.uns -unsext NTamd64 -plugin V0690Pin.dll -pluginres CtCamPin.crl -langid 0x0415
Creative Live! Central 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{536B5B88-1373-4FA8-BB52-823A46884962}\setup.exe" -l0x15 /remove
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
DVDFab 8.1.6.3 (11/02/2012) Qt-->"C:\Program Files\DVDFab 8 Qt\unins000.exe"
DVDFab Platinum 3.0.6.0 Beta Ghosthunter release-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
Energy Management-->"C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Energy Management-->MsiExec.exe /I{D0956C11-0F60-43FE-99AD-524E833471BB}
Facebook Messenger 2.1.4651.0-->MsiExec.exe /X{17D26CDD-B87C-412B-92F0-2D5DD4313522}
Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E}
Fausto-->"C:\Program Files (x86)\Fausto\uninstall.exe"
Haali Media Splitter-->"C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe"
High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E}
ICQ Toolbar-->C:\Program Files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.7-->"C:\Program Files (x86)\InstallShield Installation Information\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Informacje o systemie Creative-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x15 /remove
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) PROSet/Wireless WiFi Software-->MsiExec /I{AF162E20-417F-4946-A06D-65734984957F}
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel(R) Wireless Display-->MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8}
IObit Malware Fighter-->"C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe"
IObit Toolbar v4.8-->MsiExec.exe /X{ABF9419C-26D2-4765-9D54-FBC4D2394424}
Java 7 Update 7-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217007FF}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Java(TM) 7 Update 4 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417004FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10}
JDownloader 0.9-->C:\Program Files (x86)\JDownloader\JDUninstall.exe
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KMP Media Toolbar-->C:\Program Files (x86)\kmpmediatoolbar\uninstall.exe
KTV-Recorder-->C:\Program Files (x86)\KTV-Recorder\uninstall.exe
Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
Lenovo EasyCamera-->C:\Program Files (x86)\InstallShield Installation Information\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}\setup.exe -runfromtemp -l0x0009 -removeonly
Lenovo EE Boot Optimizer-->C:\Program Files (x86)\Lenovo\Boot Optimizer\Uninstall.exe
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Live! Cam Avatar Creator-->C:\Program Files (x86)\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0015 -removeonly /remove
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Klikni a spusť 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Klikni a spusť 2010-->MsiExec.exe /I{90140000-006D-0405-1000-0000000FF1CE}
Microsoft Office Starter 2010 - čeština-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0405-0000-0000000FF1CE}
Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0405-0000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MKV Demux All RC1-->"C:\Program Files (x86)\MKV Demux All\unins000.exe"
MKVToolNix 5.7.0-->C:\Program Files (x86)\MKVtoolnix\uninst.exe
Mozilla Firefox 15.0.1 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT Redists-->MsiExec.exe /I{E9627240-E930-11E0-8690-F04DA23A5C58}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604}
Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
Nero BackItUp 10 Help (CHM)-->MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}
Nero BackItUp 10-->MsiExec.exe /X{68AB6930-5BFF-4FF6-923B-516A91984FE6}
Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB}
Nero BurningROM 10 Help (CHM)-->MsiExec.exe /X{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}
Nero BurnRights 10 Help (CHM)-->MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00}
Nero BurnRights 10-->MsiExec.exe /X{943CFD7D-5336-47AF-9418-E02473A5A517}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero CoverDesigner 10 Help (CHM)-->MsiExec.exe /X{C3273C55-E1E4-41FF-8D69-0158090DB8D8}
Nero CoverDesigner 10-->MsiExec.exe /X{FCF00A6E-FB58-477A-ABE9-232907105521}
Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC}
Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C}
Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97}
Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}
Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}
Nero InfoTool 10 Help (CHM)-->MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E}
Nero InfoTool 10-->MsiExec.exe /X{F412B4AF-388C-4FF5-9B2F-33DB1C536953}
Nero MediaHub 10 Help (CHM)-->MsiExec.exe /X{F467862A-D9CA-47ED-8D81-B4B3C9399272}
Nero MediaHub 10-->MsiExec.exe /X{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}
Nero Multimedia Suite 10-->MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD}
Nero Recode 10 Help (CHM)-->MsiExec.exe /X{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}
Nero Recode 10-->MsiExec.exe /X{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}
Nero RescueAgent 10 Help (CHM)-->MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7}
Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023}
Nero SoundTrax 10 Help (CHM)-->MsiExec.exe /X{16987E99-C95C-4513-9239-7B44A0A71DB5}
Nero SoundTrax 10-->MsiExec.exe /X{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}
Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}
Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
Nero Vision 10 Help (CHM)-->MsiExec.exe /X{329411A0-19F3-4740-874F-17400B126F27}
Nero Vision 10-->MsiExec.exe /X{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}
Nero WaveEditor 10 Help (CHM)-->MsiExec.exe /X{7A295D8F-484B-4FFB-89AB-C1FD497591FE}
Nero WaveEditor 10-->MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230}
NVIDIA Graphics Driver 267.54-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
Onekey Theater-->"C:\Program Files (x86)\InstallShield Installation Information\{D4B060B9-AD4A-4152-9D99-28B93C615AFE}\setup.exe" -runfromtemp -l0x0409 -removeonly
Onekey Theater-->MsiExec.exe /I{D4B060B9-AD4A-4152-9D99-28B93C615AFE}
Opera 11.60-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Opera 12.02-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
Pandora Service-->"C:\Program Files (x86)\PANDORA.TV\PanService\unins000.exe"
PandoraTV Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
RtLED-->MsiExec.exe /I{ACB6F4ED-835B-44EC-9EFD-AC8C83D28597}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP
Skype™ 5.6-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Smart Defrag 2-->"C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spyware Terminator 2012-->"C:\Program Files (x86)\Spyware Terminator\unins000.exe"
SRS Premium Sound Control Panel-->MsiExec.exe /X{2998191E-A35E-47E2-BE38-7702C731D722}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The KMPlayer (remove only)-->"C:\Program Files (x86)\The KMPlayer\uninstall.exe"
TMPGEnc DVD Author 1.6-->MsiExec.exe /I{52E9D791-5A64-474D-A575-20ADC2446B3B}
TMPGEnc Sound Player-->MsiExec.exe /I{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}
TNod User & Password Finder-->"C:\Program Files (x86)\TNod User & Password Finder\uninst-TNod.exe"
Total Commander (Remove or Repair)-->C:\Program Files (x86)\totalcmd\tcuninst.exe
TsRemux 0.23.2-->"C:\Program Files (x86)\TsRemux\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
UserGuide-->"C:\Program Files (x86)\InstallShield Installation Information\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\setup.exe" -runfromtemp -l0x0409 -removeonly
UserGuide-->MsiExec.exe /I{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}
Vegas Pro 11.0-->MsiExec.exe /X{E6F012B0-E930-11E0-A67A-F04DA23A5C58}
VeriFace-->C:\Program Files (x86)\Lenovo\VeriFace\Uninstall.exe
VLC media player 2.0.2-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)-->C:\PROGRA~1\DIFX\8C657473004ED4CD\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\vpc.inf_amd64_neutral_28dd80cc6c82ef03\vpc.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogaléria-->MsiExec.exe /X{97F77D62-5110-4FA3-A2D3-410B92D31199}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C454280F-3C3E-4929-B60E-9E6CED5717E7}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mail-->MsiExec.exe /I{FA6CF94F-DACF-4FE7-959D-55C421B91B17}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{80E8C65A-8F70-4585-88A2-ABC54BABD576}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{A3389C72-1782-4BB4-BBAA-33345DE52E3F}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Messenger-->MsiExec.exe /X{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}
Windows Live Photo Common-->MsiExec.exe /X{6F37D92B-41AA-44B7-80D2-457ABDE11896}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{3921492E-82D2-4180-8124-E347AD2F2DB4}
Windows Live Remote Client Resources-->MsiExec.exe /I{5F44A3A1-5D24-4708-8776-66B42B174C64}
Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}
Windows Live Remote Service Resources-->MsiExec.exe /I{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}
Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{5E627606-53B9-42D1-97E1-D03F6229E248}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}
Windows Live Writer Resources-->MsiExec.exe /X{AB78C965-5C67-409B-8433-D7B5BDB12073}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{11778DA1-0495-4ED9-972F-F9E0B0367CD5}
Windows Live Writer-->MsiExec.exe /X{4264C020-850B-4F08-ACBE-98205D9C336C}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Wondershare HD Video Converter(Build 4.3.0.0)-->"C:\Program Files (x86)\Wondershare\HD Video Converter\unins000.exe"
XviD MPEG-4 Video Codec rev.1.3.0-->"C:\Program Files\XviD MPEG-4 Video Codec\unins000.exe"
Zrychleni Pocitace - Kompletně odinstalovat-->"C:\Program Files (x86)\Zrychleni Pocitace\unins000.exe"

======System event log======

Computer Name: Notebook
Event Code: 51
Message: Na zařízení \Device\Harddisk1\DR1 byla při operaci stránkování rozpoznána chyba.
Record Number: 988672
Source Name: Disk
Time Written: 20120915140647.957343-000
Event Type: Upozornění
User:

Computer Name: Notebook
Event Code: 51
Message: Na zařízení \Device\Harddisk1\DR1 byla při operaci stránkování rozpoznána chyba.
Record Number: 988671
Source Name: Disk
Time Written: 20120915140647.957343-000
Event Type: Upozornění
User:

Computer Name: Notebook
Event Code: 51
Message: Na zařízení \Device\Harddisk1\DR1 byla při operaci stránkování rozpoznána chyba.
Record Number: 988670
Source Name: Disk
Time Written: 20120915140647.957343-000
Event Type: Upozornění
User:

Computer Name: Notebook
Event Code: 51
Message: Na zařízení \Device\Harddisk1\DR1 byla při operaci stránkování rozpoznána chyba.
Record Number: 988669
Source Name: Disk
Time Written: 20120915140647.957343-000
Event Type: Upozornění
User:

Computer Name: Notebook
Event Code: 51
Message: Na zařízení \Device\Harddisk1\DR1 byla při operaci stránkování rozpoznána chyba.
Record Number: 988668
Source Name: Disk
Time Written: 20120915140647.957343-000
Event Type: Upozornění
User:

=====Application event log=====

Computer Name: Notebook
Event Code: 8194
Message: Bod obnovení byl úspěšně vytvořen (Proces = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V; Popis = Nainstalováno: Microsoft Visual C++ 2005 Redistributable).
Record Number: 5062
Source Name: System Restore
Time Written: 20111209200904.000000-000
Event Type: Informace
User:

Computer Name: Notebook
Event Code: 1040
Message: Probíhá zahajování transakce Instalační služby systému Windows: C:\Users\Pavel\AppData\Local\Temp\IXP000.TMP\vcredist.msi. ID procesu klienta: 2156
Record Number: 5061
Source Name: MsiInstaller
Time Written: 20111209200831.000000-000
Event Type: Informace
User: Notebook\Pavel

Computer Name: Notebook
Event Code: 2000
Message: User Notification Service started.

Record Number: 5060
Source Name: UNS
Time Written: 20111209200458.000000-000
Event Type: Informace
User:

Computer Name: Notebook
Event Code: 902
Message: Služba Ochrana softwaru byla spuštěna.
6.1.7601.17514
Record Number: 5059
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20111209200454.000000-000
Event Type: Informace
User:

Computer Name: Notebook
Event Code: 1003
Message: Služba Ochrana softwaru dokončila kontrolu stavu licencování.
ID aplikace=55c92734-d682-4d71-983e-d6ec3f16059f
Stav licencování=
1: 01f5fc37-a99e-45c5-b65e-d762f3518ead, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 2e7d060d-4714-40f2-9896-1e4f15b612ad, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
3: 3b965dfc-31d9-4903-886f-873a0382776c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: 586bc076-c93d-429a-afe5-a69fbc644e88, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 5e35dc43-389b-47c5-b889-2088b06738cb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
7: 6a7d5d8a-92af-4e6a-af4b-8fddaec800e5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
8: 9ab82e0c-ffc9-4107-baa1-c65a8bd3ccc3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
9: 9f83d90f-a151-4665-ae69-30b3f63ec659, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
10: a63275f4-530c-48a7-b0d3-4f00d688d151, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
11: b8a4bb91-69b1-460d-93f8-40e0670af04a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
12: d2c04e90-c3dd-4260-b0f3-f845f5d27d64, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 0 0 msft:rm/algorithm/bios/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 )]
13: e68b141f-4dfa-4387-b3b7-e65c4889216e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
14: ee4e1629-bcdc-4b42-a68f-b92e135f78d7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
15: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
16: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]


Record Number: 5058
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20111209200453.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Notebook
Event Code: 5061
Message: Kryptografická operace.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: RSA
Název klíče: 46658e41-d639-46c6-a4f1-b77cb0004b63
Typ klíče: Klíč počítače

Kryptografická operace:
Operace: Otevřít klíč
Návratový kód: 0x0
Record Number: 12719
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120127110446.136364-000
Event Type: Úspěšný audit
User:

Computer Name: Notebook
Event Code: 5058
Message: Operace se souborem klíče.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Kryptografické parametry:
Název poskytovatele: Microsoft Software Key Storage Provider
Název algoritmu: Není k dispozici.
Název klíče: 46658e41-d639-46c6-a4f1-b77cb0004b63
Typ klíče: Klíč počítače

Informace o operaci se souborem klíče:
Cesta k souboru: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d3540702ba3ebc7683bc2b3a9bbb5630_69742338-3d82-462c-bc72-bc4e7ecfc4f9
Operace: Čtení trvalého klíče ze souboru
Návratový kód: 0x0
Record Number: 12718
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120127110446.136364-000
Event Type: Úspěšný audit
User:

Computer Name: Notebook
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 12717
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120127110433.381634-000
Event Type: Úspěšný audit
User:

Computer Name: Notebook
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: NOTEBOOK$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2a4
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 12716
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120127110433.381634-000
Event Type: Úspěšný audit
User:

Computer Name: Notebook
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 12715
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120127110348.496067-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\XviD MPEG-4 Video Codec;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\MKVtoolnix
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_flags"=3
"configsetroot"=%SystemRoot%\ConfigSetRoot
"LenovoTestLogFile"=preload.log

-----------------EOF-----------------


A TADY JE LOG Z AdwCleaneru:


# AdwCleaner v2.004 - Logfile created 10/07/2012 at 20:21:13
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pavel - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\Pavel\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Pavel\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-453037729-1404361596-3676707868-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-453037729-1404361596-3676707868-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (cs)

Profile name : default
File : C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fay15gb7.default\prefs.js

[OK] File is clean.

Profile name : default-1342553091945 [Profil par défaut]
File : C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\1meoimo6.default-1342553091945\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\Pavel\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2948 octets] - [07/10/2012 20:20:34]
AdwCleaner[R2].txt - [2883 octets] - [07/10/2012 20:21:13]

########## EOF - C:\AdwCleaner[R2].txt - [2943 octets] ##########

Pak jeste odinstalujte ten nelegalni ESET a dejte tam free reseni (Avast free, Aviru ci MSE) - toto tu netolerujeme, vizte pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=115512, ktere jste vy i ja povinnen dodrzovat

Pomáhat NELZE:
2) Pokud stroj uživatele prokazatelně obsahuje nelegální hostitelský čí ochranný software
(operační systém, antivir, firewall, atd.), je nutné navést uživatele k nápravě, např. skrze neplacený software,
a začít řešit, až v době kdy je PC "v pořádku". V případě že uživatel nechce na pravidla přistoupit,
je nutné jej vyzvat ať fórum opustí, a vrátí se až je splní.

Az toto provedete, tak napiste, at vim, ci na to vubec hodlate pristoupit

ok dám avast free, tohle mi instaloval známý já se v tom moc nevyznám, omlouvám se.

Dokoncete tedy odinstalaci programu co jsme naspal v uvodu

Provedte zmenu ESETu za Avast

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Delete
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Dejte novy log z RSIT

Tady je log z AdwCleaner, bohužel jsem udělal asi chybu protože jsem po prvních logách zjistil, že tam mám ještě jeden program iobit na čištění op.paměti, tak jsem to smazal a udělal nový log a ty první logy smazal. Snad to nebude vadit, omlouvám se.
,
# AdwCleaner v2.004 - Logfile created 10/07/2012 at 21:40:59
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pavel - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\Pavel\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (cs)

Profile name : default
File : C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fay15gb7.default\prefs.js

[OK] File is clean.

Profile name : default-1342553091945 [Profil par défaut]
File : C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\1meoimo6.default-1342553091945\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\Pavel\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S3].txt - [1136 octets] - [07/10/2012 21:40:59]

########## EOF - C:\AdwCleaner[S3].txt - [1196 octets] ##########





--------------------------------------------------------------------------------------------------------------------------------
a tady je z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2012-10-07 21:45:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 37 GB (6%) free of 670 GB
Total RAM: 4010 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:27, on 7.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magic.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\Windows\V0690Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [V0690Mon.exe] C:\windows\V0690Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Facebook Messenger.lnk = Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O4 - Startup: Magic.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12978 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {1AC03BC9-14A9-4DC2-BAD9-BC428A13AAEA}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\windows\SysWOW64\srvany.exe
C:\windows\KMService.exe
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
\??\C:\windows\system32\conhost.exe "-378236112391117075642286647-11984097191347406358152613809012737322921087818314
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 2780
"taskhost.exe"
taskeng.exe {7FE9AFF8-2F61-4426-BEFC-4C1C85A45732}
"C:\windows\system32\Dwm.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe"
"C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magic.exe"
"C:\windows\system32\NOTEPAD.EXE" C:\AdwCleaner[S3].txt
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe"
"C:\Windows\V0690Mon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\windows\SysWOW64\RunDll32.exe "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\servicing\TrustedInstaller.exe
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Users\Pavel\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\1meoimo6.default-1342553091945

prefs.js - "browser.startup.homepage" - "http://www.parabola.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
nsRLCT4Player.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
CrazyTalk4Native.dll
ctdomemhelper.dll
ctframeplayerobject.dll
ctplayerobject.dll
imagickrt.dll
np-mswmp.dll
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
npRLCT4Player.dll
nprpplugin.dll
QuickTimePlugin.class
rlcontentclass.dll
RLMusicPacker.dll
RLMusicUnpacker.dll
RLVoicePacker.dll
RLVoiceUnpacker.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-05-24 545224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-05-24 193480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-09-30 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-08 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-08 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-12-14 11697768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-22 2538280]
"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-11-02 1933584]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2011-10-09 114688]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2011-10-09 789920]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-10-09 9769888]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-10-09 5908928]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-03-19 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-03-19 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-03-19 439064]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-09-07 2777296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 136176]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17762440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05 136488]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-26 222504]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"RemoteControl"=C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"V0690Mon.exe"=C:\windows\V0690Mon.exe [2010-08-18 28672]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-09-30 296096]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
SRS Premium Sound.lnk - C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Messenger.lnk - C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
Magic.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-03-19 434688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MaxRecentDocs"=99
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"msacm.ac3acm"=AC3ACM.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-07 21:40:59 ----A---- C:\AdwCleaner[S3].txt
2012-10-07 21:14:23 ----A---- C:\windows\system32\drivers\aswFW.sys
2012-10-07 21:14:11 ----A---- C:\windows\system32\drivers\aswNdis2.sys
2012-10-07 21:14:09 ----A---- C:\windows\system32\drivers\aswKbd.sys
2012-10-07 21:14:07 ----A---- C:\windows\system32\drivers\aswNdis.sys
2012-10-07 21:06:27 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2012-10-07 21:06:26 ----A---- C:\windows\system32\drivers\aswSP.sys
2012-10-07 21:06:24 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2012-10-07 21:06:23 ----A---- C:\windows\system32\drivers\aswTdi.sys
2012-10-07 21:06:22 ----A---- C:\windows\system32\drivers\aswSnx.sys
2012-10-07 21:06:19 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2012-10-07 21:06:18 ----A---- C:\windows\system32\aswBoot.exe
2012-10-07 21:05:56 ----A---- C:\windows\avastSS.scr
2012-10-07 21:05:55 ----A---- C:\windows\SYSWOW64\aswBoot.exe
2012-10-07 21:05:45 ----D---- C:\ProgramData\AVAST Software
2012-10-07 21:05:45 ----D---- C:\Program Files\AVAST Software
2012-10-07 18:30:10 ----D---- C:\Program Files\trend micro
2012-10-07 18:30:08 ----D---- C:\rsit
2012-10-07 13:47:08 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2012-09-26 20:59:50 ----A---- C:\windows\system32\OxpsConverter.exe
2012-09-21 21:27:13 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-09-21 21:27:13 ----A---- C:\windows\system32\mshtmled.dll
2012-09-21 21:27:12 ----A---- C:\windows\SYSWOW64\vbscript.dll
2012-09-21 21:27:12 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2012-09-21 21:27:12 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-09-21 21:27:12 ----A---- C:\windows\system32\ieUnatt.exe
2012-09-21 21:27:12 ----A---- C:\windows\system32\ieui.dll
2012-09-21 21:27:11 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-09-21 21:27:11 ----A---- C:\windows\SYSWOW64\url.dll
2012-09-21 21:27:11 ----A---- C:\windows\system32\url.dll
2012-09-21 21:27:10 ----A---- C:\windows\system32\urlmon.dll
2012-09-21 21:27:10 ----A---- C:\windows\system32\jscript9.dll
2012-09-21 21:27:09 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2012-09-21 21:27:09 ----A---- C:\windows\system32\msfeeds.dll
2012-09-21 21:27:08 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-09-21 21:27:08 ----A---- C:\windows\system32\wininet.dll
2012-09-21 21:27:07 ----A---- C:\windows\SYSWOW64\jscript9.dll
2012-09-21 21:27:07 ----A---- C:\windows\SYSWOW64\jscript.dll
2012-09-21 21:27:07 ----A---- C:\windows\system32\vbscript.dll
2012-09-21 21:27:07 ----A---- C:\windows\system32\jsproxy.dll
2012-09-21 21:27:07 ----A---- C:\windows\system32\jscript.dll
2012-09-21 21:27:06 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-09-21 21:27:06 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-09-21 21:27:06 ----A---- C:\windows\system32\iertutil.dll
2012-09-21 21:27:05 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-09-21 21:27:02 ----A---- C:\windows\system32\mshtml.dll
2012-09-21 21:26:59 ----A---- C:\windows\system32\ieframe.dll
2012-09-21 21:26:57 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-09-16 23:05:29 ----A---- C:\windows\SYSWOW64\shoBBCA.tmp
2012-09-11 19:32:37 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-09-11 19:32:37 ----A---- C:\windows\system32\drivers\netio.sys
2012-09-11 19:32:37 ----A---- C:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 19:32:34 ----A---- C:\windows\SYSWOW64\d3d10level9.dll
2012-09-11 19:32:34 ----A---- C:\windows\system32\drivers\RNDISMP.sys
2012-09-11 19:32:34 ----A---- C:\windows\system32\drivers\ndis.sys
2012-09-11 19:32:34 ----A---- C:\windows\system32\d3d10level9.dll
2012-09-10 18:21:18 ----D---- C:\Program Files (x86)\AviSynth 2.5
2012-09-10 18:14:23 ----D---- C:\Temp
2012-09-08 13:37:17 ----A---- C:\windows\SYSWOW64\javaws.exe
2012-09-08 13:37:07 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-09-08 13:37:07 ----A---- C:\windows\SYSWOW64\javaw.exe
2012-09-08 13:37:07 ----A---- C:\windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2012-10-07 21:44:38 ----D---- C:\Windows
2012-10-07 21:44:27 ----D---- C:\windows\Temp
2012-10-07 21:44:25 ----D---- C:\windows\system32\config
2012-10-07 21:42:41 ----D---- C:\windows\system32\Tasks
2012-10-07 21:41:11 ----A---- C:\windows\SYSWOW64\log.txt
2012-10-07 21:37:10 ----D---- C:\windows\System32
2012-10-07 21:37:10 ----D---- C:\windows\inf
2012-10-07 21:37:10 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-10-07 21:36:25 ----RD---- C:\Program Files (x86)
2012-10-07 21:29:08 ----HD---- C:\ProgramData
2012-10-07 21:29:08 ----D---- C:\Program Files (x86)\Common Files
2012-10-07 21:26:01 ----D---- C:\windows\SoftwareDistribution
2012-10-07 21:14:23 ----D---- C:\windows\system32\drivers
2012-10-07 21:14:17 ----D---- C:\windows\system32\DriverStore
2012-10-07 21:14:17 ----D---- C:\windows\system32\catroot
2012-10-07 21:06:18 ----D---- C:\windows\SysWOW64
2012-10-07 21:06:16 ----SHD---- C:\windows\Installer
2012-10-07 21:05:45 ----RD---- C:\Program Files
2012-10-07 21:05:41 ----SHD---- C:\System Volume Information
2012-10-07 20:54:39 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2012-10-07 20:48:16 ----D---- C:\windows\Prefetch
2012-10-07 20:10:15 ----D---- C:\windows\Tasks
2012-10-07 00:37:34 ----D---- C:\ProgramData\Spyware Terminator
2012-10-03 10:18:00 ----D---- C:\windows\system32\catroot2
2012-09-30 21:16:35 ----D---- C:\Users\Pavel\AppData\Roaming\Media Player Classic
2012-09-30 13:51:50 ----D---- C:\ProgramData\Real
2012-09-30 13:51:50 ----D---- C:\Program Files (x86)\Real
2012-09-30 13:51:37 ----A---- C:\windows\SYSWOW64\rmoc3260.dll
2012-09-30 13:51:30 ----A---- C:\windows\SYSWOW64\pndx5032.dll
2012-09-30 13:51:30 ----A---- C:\windows\SYSWOW64\pndx5016.dll
2012-09-30 13:51:28 ----A---- C:\windows\SYSWOW64\pncrt.dll
2012-09-30 13:51:23 ----A---- C:\windows\SYSWOW64\msvcr71.dll
2012-09-30 13:51:23 ----A---- C:\windows\SYSWOW64\msvcp71.dll
2012-09-29 22:11:56 ----D---- C:\Program Files\CCleaner
2012-09-29 00:03:30 ----D---- C:\Users\Pavel\AppData\Roaming\Vso
2012-09-28 23:57:36 ----D---- C:\windows\Minidump
2012-09-27 15:41:59 ----D---- C:\windows\rescache
2012-09-27 12:34:29 ----D---- C:\windows\winsxs
2012-09-22 14:57:01 ----A---- C:\windows\SubCreator.INI
2012-09-21 21:40:49 ----D---- C:\windows\SYSWOW64\migration
2012-09-21 21:40:49 ----D---- C:\windows\system32\migration
2012-09-21 21:40:49 ----D---- C:\Program Files\Internet Explorer
2012-09-21 21:40:49 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-21 19:29:19 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-09-18 22:12:20 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-09-18 09:28:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-18 02:54:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-14 21:16:12 ----D---- C:\Program Files (x86)\JDownloader
2012-09-12 04:23:18 ----D---- C:\windows\debug
2012-09-11 19:33:12 ----A---- C:\windows\system32\MRT.exe
2012-09-08 13:57:00 ----D---- C:\ProgramData\DVD Shrink
2012-09-08 13:37:01 ----A---- C:\windows\SYSWOW64\npDeployJava1.dll
2012-09-08 13:37:01 ----A---- C:\windows\SYSWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\windows\system32\drivers\aswNdis2.sys [2012-08-21 266776]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-10-09 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-10-09 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswFW;avast! TDI Firewall driver; C:\windows\system32\drivers\aswFW.sys [2012-08-21 142128]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2012-08-21 19600]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-08-21 54072]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-08-21 969200]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-08-21 359464]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-10-09 13408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-31 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-08-21 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\windows\system32\DRIVERS\stflt.sys [2012-03-21 51496]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-09 29792]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 176000]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-03-19 14745600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-12-14 2677864]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2012-01-22 82816]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-11-30 307304]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\usbvideo.sys [2010-11-21 184960]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-12-22 1407024]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
R3 WinDriver6;WinDriver6; C:\windows\system32\drivers\windrvr6.sys [2010-07-15 254976]
S1 cdrbsdrv;cdrbsdrv; C:\windows\system32\drivers\cdrbsdrv.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2011-02-15 107560]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2011-02-15 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-02-15 21416]
S3 ivusb;Initio Driver for USB Default Controller; C:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 V0690Vid;Creative Live! Cam Socialize HD AF Driver; C:\windows\system32\DRIVERS\V0690Vid.sys [2010-08-12 393952]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-02-15 956192]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-11-02 1515792]
R2 KMService;KMService; C:\windows\syswow64\srvany.exe [2003-04-18 8192]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2011-03-06 993896]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-11-02 836880]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-07 1148664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-20 325656]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704]
S2 RtLedService;RtLedService Installer; C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
S3 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Kliknete na volbu Change parametrs
• V okne Additional Option zakliknete vsechny moznosti
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

22:15:32.0495 6008 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:15:32.0631 6008 ============================================================
22:15:32.0631 6008 Current date / time: 2012/10/07 22:15:32.0631
22:15:32.0631 6008 SystemInfo:
22:15:32.0631 6008
22:15:32.0631 6008 OS Version: 6.1.7601 ServicePack: 1.0
22:15:32.0631 6008 Product type: Workstation
22:15:32.0631 6008 ComputerName: NOTEBOOK
22:15:32.0631 6008 UserName: Pavel
22:15:32.0631 6008 Windows directory: C:\windows
22:15:32.0631 6008 System windows directory: C:\windows
22:15:32.0631 6008 Running under WOW64
22:15:32.0631 6008 Processor architecture: Intel x64
22:15:32.0631 6008 Number of processors: 4
22:15:32.0631 6008 Page size: 0x1000
22:15:32.0631 6008 Boot type: Normal boot
22:15:32.0631 6008 ============================================================
22:15:33.0216 6008 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
22:15:33.0222 6008 ============================================================
22:15:33.0222 6008 \Device\Harddisk0\DR0:
22:15:33.0223 6008 MBR partitions:
22:15:33.0223 6008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
22:15:33.0223 6008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D62800
22:15:33.0251 6008 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51DC7800, BlocksNum 0x3A00800
22:15:33.0251 6008 ============================================================
22:15:33.0306 6008 C: <-> \Device\Harddisk0\DR0\Partition2
22:15:33.0352 6008 D: <-> \Device\Harddisk0\DR0\Partition3
22:15:33.0353 6008 ============================================================
22:15:33.0353 6008 Initialize success
22:15:33.0353 6008 ============================================================
22:16:19.0137 6140 ============================================================
22:16:19.0137 6140 Scan started
22:16:19.0137 6140 Mode: Manual; SigCheck; TDLFS;
22:16:19.0137 6140 ============================================================
22:16:19.0814 6140 ================ Scan system memory ========================
22:16:19.0814 6140 System memory - ok
22:16:19.0814 6140 ================ Scan services =============================
22:16:20.0064 6140 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
22:16:20.0161 6140 1394ohci - ok
22:16:20.0203 6140 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
22:16:20.0221 6140 ACPI - ok
22:16:20.0234 6140 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
22:16:20.0279 6140 AcpiPmi - ok
22:16:20.0307 6140 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
22:16:20.0323 6140 ACPIVPC - ok
22:16:20.0422 6140 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:16:20.0434 6140 AdobeARMservice - ok
22:16:20.0578 6140 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:16:20.0610 6140 AdobeFlashPlayerUpdateSvc - ok
22:16:20.0662 6140 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
22:16:20.0682 6140 adp94xx - ok
22:16:20.0689 6140 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
22:16:20.0707 6140 adpahci - ok
22:16:20.0751 6140 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
22:16:20.0767 6140 adpu320 - ok
22:16:20.0822 6140 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
22:16:20.0869 6140 AeLookupSvc - ok
22:16:20.0919 6140 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
22:16:20.0963 6140 AFD - ok
22:16:20.0984 6140 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
22:16:20.0998 6140 agp440 - ok
22:16:21.0016 6140 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
22:16:21.0053 6140 ALG - ok
22:16:21.0070 6140 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
22:16:21.0084 6140 aliide - ok
22:16:21.0095 6140 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
22:16:21.0108 6140 amdide - ok
22:16:21.0127 6140 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
22:16:21.0168 6140 AmdK8 - ok
22:16:21.0181 6140 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
22:16:21.0224 6140 AmdPPM - ok
22:16:21.0247 6140 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
22:16:21.0261 6140 amdsata - ok
22:16:21.0279 6140 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
22:16:21.0296 6140 amdsbs - ok
22:16:21.0315 6140 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
22:16:21.0328 6140 amdxata - ok
22:16:21.0343 6140 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
22:16:21.0395 6140 AppID - ok
22:16:21.0442 6140 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
22:16:21.0513 6140 AppIDSvc - ok
22:16:21.0535 6140 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
22:16:21.0594 6140 Appinfo - ok
22:16:21.0663 6140 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
22:16:21.0677 6140 arc - ok
22:16:21.0697 6140 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
22:16:21.0712 6140 arcsas - ok
22:16:21.0769 6140 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
22:16:21.0782 6140 aswFsBlk - ok
22:16:21.0825 6140 [ 7B922B13ACFF9E4FBA24A6EACC417B78 ] aswFW C:\windows\system32\drivers\aswFW.sys
22:16:21.0840 6140 aswFW - ok
22:16:21.0879 6140 [ F146F83E8F7AC22BD011D5942E4C155C ] aswKbd C:\windows\system32\drivers\aswKbd.sys
22:16:21.0892 6140 aswKbd - ok
22:16:21.0936 6140 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
22:16:21.0949 6140 aswMonFlt - ok
22:16:21.0968 6140 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys
22:16:21.0980 6140 aswNdis - ok
22:16:22.0002 6140 [ 5693F48725D83510C5C2A60DB4137D85 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys
22:16:22.0018 6140 aswNdis2 - ok
22:16:22.0077 6140 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
22:16:22.0089 6140 aswRdr - ok
22:16:22.0142 6140 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\windows\system32\drivers\aswSnx.sys
22:16:22.0169 6140 aswSnx - ok
22:16:22.0232 6140 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\windows\system32\drivers\aswSP.sys
22:16:22.0249 6140 aswSP - ok
22:16:22.0285 6140 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\windows\system32\drivers\aswTdi.sys
22:16:22.0298 6140 aswTdi - ok
22:16:22.0323 6140 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:16:22.0380 6140 AsyncMac - ok
22:16:22.0421 6140 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
22:16:22.0434 6140 atapi - ok
22:16:22.0471 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:16:22.0534 6140 AudioEndpointBuilder - ok
22:16:22.0543 6140 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
22:16:22.0580 6140 AudioSrv - ok
22:16:22.0709 6140 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:16:22.0720 6140 avast! Antivirus - ok
22:16:22.0756 6140 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
22:16:22.0769 6140 avast! Firewall - ok
22:16:22.0794 6140 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
22:16:22.0845 6140 AxInstSV - ok
22:16:22.0879 6140 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
22:16:22.0927 6140 b06bdrv - ok
22:16:22.0967 6140 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
22:16:23.0022 6140 b57nd60a - ok
22:16:23.0042 6140 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
22:16:23.0076 6140 BDESVC - ok
22:16:23.0091 6140 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
22:16:23.0169 6140 Beep - ok
22:16:23.0245 6140 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
22:16:23.0292 6140 BFE - ok
22:16:23.0398 6140 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
22:16:23.0482 6140 BITS - ok
22:16:23.0513 6140 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
22:16:23.0539 6140 blbdrive - ok
22:16:23.0576 6140 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
22:16:23.0612 6140 bowser - ok
22:16:23.0635 6140 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
22:16:23.0648 6140 BPntDrv - ok
22:16:23.0667 6140 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
22:16:23.0695 6140 BrFiltLo - ok
22:16:23.0714 6140 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
22:16:23.0731 6140 BrFiltUp - ok
22:16:23.0776 6140 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
22:16:23.0792 6140 Browser - ok
22:16:23.0824 6140 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
22:16:23.0865 6140 Brserid - ok
22:16:23.0878 6140 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
22:16:23.0907 6140 BrSerWdm - ok
22:16:23.0910 6140 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
22:16:23.0937 6140 BrUsbMdm - ok
22:16:23.0959 6140 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
22:16:23.0985 6140 BrUsbSer - ok
22:16:24.0017 6140 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
22:16:24.0055 6140 BthEnum - ok
22:16:24.0078 6140 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
22:16:24.0111 6140 BTHMODEM - ok
22:16:24.0134 6140 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
22:16:24.0167 6140 BthPan - ok
22:16:24.0202 6140 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
22:16:24.0237 6140 BTHPORT - ok
22:16:24.0265 6140 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
22:16:24.0315 6140 bthserv - ok
22:16:24.0349 6140 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
22:16:24.0380 6140 BTHUSB - ok
22:16:24.0411 6140 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys
22:16:24.0428 6140 BTWAMPFL - ok
22:16:24.0450 6140 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
22:16:24.0463 6140 btwaudio - ok
22:16:24.0476 6140 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\windows\system32\drivers\btwavdt.sys
22:16:24.0491 6140 btwavdt - ok
22:16:24.0568 6140 [ 3D5E7FB2CB69A6186C7954C0859173F4 ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
22:16:24.0589 6140 btwdins - ok
22:16:24.0604 6140 [ 346B4051B3D7FF70E8F027869B8ECA6E ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
22:16:24.0616 6140 btwl2cap - ok
22:16:24.0626 6140 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
22:16:24.0637 6140 btwrchid - ok
22:16:24.0668 6140 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
22:16:24.0720 6140 cdfs - ok
22:16:24.0723 6140 cdrbsdrv - ok
22:16:24.0745 6140 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:16:24.0779 6140 cdrom - ok
22:16:24.0798 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
22:16:24.0853 6140 CertPropSvc - ok
22:16:24.0877 6140 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
22:16:24.0915 6140 circlass - ok
22:16:24.0940 6140 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
22:16:24.0959 6140 CLFS - ok
22:16:25.0073 6140 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:16:25.0087 6140 clr_optimization_v2.0.50727_32 - ok
22:16:25.0120 6140 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:16:25.0133 6140 clr_optimization_v2.0.50727_64 - ok
22:16:25.0186 6140 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:16:25.0199 6140 clr_optimization_v4.0.30319_32 - ok
22:16:25.0239 6140 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:16:25.0252 6140 clr_optimization_v4.0.30319_64 - ok
22:16:25.0282 6140 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
22:16:25.0295 6140 clwvd - ok
22:16:25.0298 6140 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:16:25.0328 6140 CmBatt - ok
22:16:25.0358 6140 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
22:16:25.0371 6140 cmdide - ok
22:16:25.0420 6140 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
22:16:25.0458 6140 CNG - ok
22:16:25.0466 6140 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
22:16:25.0479 6140 Compbatt - ok
22:16:25.0495 6140 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
22:16:25.0530 6140 CompositeBus - ok
22:16:25.0532 6140 COMSysApp - ok
22:16:25.0577 6140 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
22:16:25.0594 6140 cphs - ok
22:16:25.0613 6140 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
22:16:25.0626 6140 crcdisk - ok
22:16:25.0675 6140 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
22:16:25.0708 6140 CryptSvc - ok
22:16:25.0744 6140 [ D9FA197432A684F889919C42EBD7D60A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
22:16:25.0785 6140 CtClsFlt - ok
22:16:25.0865 6140 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:16:25.0887 6140 cvhsvc - ok
22:16:25.0920 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
22:16:25.0969 6140 DcomLaunch - ok
22:16:26.0003 6140 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
22:16:26.0054 6140 defragsvc - ok
22:16:26.0077 6140 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
22:16:26.0122 6140 DfsC - ok
22:16:26.0143 6140 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
22:16:26.0210 6140 Dhcp - ok
22:16:26.0229 6140 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
22:16:26.0272 6140 discache - ok
22:16:26.0286 6140 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
22:16:26.0300 6140 Disk - ok
22:16:26.0327 6140 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:16:26.0360 6140 Dnscache - ok
22:16:26.0386 6140 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
22:16:26.0440 6140 dot3svc - ok
22:16:26.0445 6140 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
22:16:26.0487 6140 DPS - ok
22:16:26.0508 6140 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:16:26.0535 6140 drmkaud - ok
22:16:26.0562 6140 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
22:16:26.0578 6140 dtsoftbus01 - ok
22:16:26.0604 6140 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
22:16:26.0636 6140 DXGKrnl - ok
22:16:26.0651 6140 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
22:16:26.0700 6140 EapHost - ok
22:16:26.0934 6140 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
22:16:27.0071 6140 ebdrv - ok
22:16:27.0102 6140 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
22:16:27.0136 6140 EFS - ok
22:16:27.0204 6140 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
22:16:27.0240 6140 ehRecvr - ok
22:16:27.0263 6140 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
22:16:27.0299 6140 ehSched - ok
22:16:27.0333 6140 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
22:16:27.0354 6140 elxstor - ok
22:16:27.0366 6140 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
22:16:27.0398 6140 ErrDev - ok
22:16:27.0447 6140 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
22:16:27.0485 6140 EventSystem - ok
22:16:27.0551 6140 [ F8F610093E1D7FDFA477FC34D15D5C60 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:16:27.0580 6140 EvtEng - ok
22:16:27.0598 6140 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
22:16:27.0653 6140 exfat - ok
22:16:27.0675 6140 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
22:16:27.0727 6140 fastfat - ok
22:16:27.0762 6140 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
22:16:27.0804 6140 Fax - ok
22:16:27.0821 6140 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
22:16:27.0834 6140 fbfmon - ok
22:16:27.0865 6140 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
22:16:27.0881 6140 fdc - ok
22:16:27.0904 6140 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
22:16:27.0956 6140 fdPHost - ok
22:16:27.0977 6140 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
22:16:28.0021 6140 FDResPub - ok
22:16:28.0035 6140 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
22:16:28.0049 6140 FileInfo - ok
22:16:28.0065 6140 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
22:16:28.0118 6140 Filetrace - ok
22:16:28.0141 6140 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
22:16:28.0159 6140 flpydisk - ok
22:16:28.0176 6140 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:16:28.0193 6140 FltMgr - ok
22:16:28.0224 6140 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
22:16:28.0266 6140 FontCache - ok
22:16:28.0315 6140 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:16:28.0327 6140 FontCache3.0.0.0 - ok
22:16:28.0345 6140 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
22:16:28.0358 6140 FsDepends - ok
22:16:28.0390 6140 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:16:28.0403 6140 Fs_Rec - ok
22:16:28.0423 6140 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
22:16:28.0441 6140 fvevol - ok
22:16:28.0457 6140 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
22:16:28.0471 6140 gagp30kx - ok
22:16:28.0507 6140 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
22:16:28.0569 6140 gpsvc - ok
22:16:28.0591 6140 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
22:16:28.0620 6140 hcw85cir - ok
22:16:28.0642 6140 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:16:28.0665 6140 HdAudAddService - ok
22:16:28.0687 6140 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
22:16:28.0706 6140 HDAudBus - ok
22:16:28.0746 6140 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
22:16:28.0763 6140 HidBatt - ok
22:16:28.0798 6140 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
22:16:28.0831 6140 HidBth - ok
22:16:28.0861 6140 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
22:16:28.0879 6140 HidIr - ok
22:16:28.0905 6140 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
22:16:28.0949 6140 hidserv - ok
22:16:28.0964 6140 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:16:28.0979 6140 HidUsb - ok
22:16:28.0998 6140 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
22:16:29.0041 6140 hkmsvc - ok
22:16:29.0064 6140 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:16:29.0083 6140 HomeGroupListener - ok
22:16:29.0114 6140 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:16:29.0152 6140 HomeGroupProvider - ok
22:16:29.0173 6140 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
22:16:29.0187 6140 HpSAMD - ok
22:16:29.0208 6140 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
22:16:29.0262 6140 HTTP - ok
22:16:29.0283 6140 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
22:16:29.0296 6140 hwpolicy - ok
22:16:29.0307 6140 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:16:29.0323 6140 i8042prt - ok
22:16:29.0354 6140 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
22:16:29.0370 6140 iaStor - ok
22:16:29.0396 6140 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
22:16:29.0439 6140 iaStorV - ok
22:16:29.0523 6140 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:16:29.0549 6140 idsvc - ok
22:16:29.0796 6140 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
22:16:30.0110 6140 igfx - ok
22:16:30.0137 6140 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
22:16:30.0151 6140 iirsp - ok
22:16:30.0186 6140 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
22:16:30.0246 6140 IKEEXT - ok
22:16:30.0308 6140 [ A9853214CC97796579D75B1F59C51DCD ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
22:16:30.0383 6140 IntcAzAudAddService - ok
22:16:30.0407 6140 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
22:16:30.0424 6140 IntcDAud - ok
22:16:30.0449 6140 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
22:16:30.0462 6140 intelide - ok
22:16:30.0487 6140 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
22:16:30.0515 6140 intelppm - ok
22:16:30.0547 6140 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
22:16:30.0583 6140 IPBusEnum - ok
22:16:30.0601 6140 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:16:30.0634 6140 IpFilterDriver - ok
22:16:30.0658 6140 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
22:16:30.0716 6140 iphlpsvc - ok
22:16:30.0734 6140 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
22:16:30.0751 6140 IPMIDRV - ok
22:16:30.0764 6140 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
22:16:30.0817 6140 IPNAT - ok
22:16:30.0839 6140 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
22:16:30.0876 6140 IRENUM - ok
22:16:30.0890 6140 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
22:16:30.0904 6140 isapnp - ok
22:16:30.0921 6140 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
22:16:30.0938 6140 iScsiPrt - ok
22:16:30.0976 6140 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\windows\system32\DRIVERS\ivusb.sys
22:16:30.0988 6140 ivusb - ok
22:16:31.0014 6140 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:16:31.0027 6140 kbdclass - ok
22:16:31.0040 6140 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
22:16:31.0070 6140 kbdhid - ok
22:16:31.0090 6140 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
22:16:31.0106 6140 KeyIso - ok
22:16:31.0109 6140 KMService - ok
22:16:31.0156 6140 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:16:31.0170 6140 KSecDD - ok
22:16:31.0189 6140 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:16:31.0204 6140 KSecPkg - ok
22:16:31.0222 6140 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
22:16:31.0275 6140 ksthunk - ok
22:16:31.0307 6140 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
22:16:31.0358 6140 KtmRm - ok
22:16:31.0397 6140 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
22:16:31.0448 6140 LanmanServer - ok
22:16:31.0472 6140 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:16:31.0518 6140 LanmanWorkstation - ok
22:16:31.0553 6140 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
22:16:31.0565 6140 LHDmgr - ok
22:16:31.0580 6140 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:16:31.0614 6140 lltdio - ok
22:16:31.0642 6140 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
22:16:31.0698 6140 lltdsvc - ok
22:16:31.0717 6140 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
22:16:31.0769 6140 lmhosts - ok
22:16:31.0835 6140 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:16:31.0850 6140 LMS - ok
22:16:31.0888 6140 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
22:16:31.0903 6140 LSI_FC - ok
22:16:31.0916 6140 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
22:16:31.0930 6140 LSI_SAS - ok
22:16:31.0952 6140 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
22:16:31.0966 6140 LSI_SAS2 - ok
22:16:31.0977 6140 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
22:16:31.0992 6140 LSI_SCSI - ok
22:16:32.0004 6140 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
22:16:32.0048 6140 luafv - ok
22:16:32.0079 6140 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:16:32.0117 6140 Mcx2Svc - ok
22:16:32.0138 6140 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
22:16:32.0152 6140 megasas - ok
22:16:32.0169 6140 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
22:16:32.0186 6140 MegaSR - ok
22:16:32.0205 6140 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
22:16:32.0218 6140 MEIx64 - ok
22:16:32.0236 6140 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
22:16:32.0271 6140 MMCSS - ok
22:16:32.0283 6140 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
22:16:32.0328 6140 Modem - ok
22:16:32.0348 6140 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:16:32.0377 6140 monitor - ok
22:16:32.0398 6140 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:16:32.0412 6140 mouclass - ok
22:16:32.0426 6140 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:16:32.0454 6140 mouhid - ok
22:16:32.0477 6140 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:16:32.0491 6140 mountmgr - ok
22:16:32.0531 6140 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:16:32.0545 6140 MozillaMaintenance - ok
22:16:32.0568 6140 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
22:16:32.0585 6140 mpio - ok
22:16:32.0599 6140 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:16:32.0632 6140 mpsdrv - ok
22:16:32.0863 6140 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
22:16:32.0923 6140 MpsSvc - ok
22:16:32.0946 6140 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:16:32.0993 6140 MRxDAV - ok
22:16:33.0008 6140 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:16:33.0036 6140 mrxsmb - ok
22:16:33.0068 6140 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:16:33.0106 6140 mrxsmb10 - ok
22:16:33.0138 6140 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:16:33.0165 6140 mrxsmb20 - ok
22:16:33.0185 6140 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
22:16:33.0198 6140 msahci - ok
22:16:33.0221 6140 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:16:33.0236 6140 msdsm - ok
22:16:33.0255 6140 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
22:16:33.0291 6140 MSDTC - ok
22:16:33.0310 6140 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:16:33.0342 6140 Msfs - ok
22:16:33.0359 6140 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:16:33.0409 6140 mshidkmdf - ok
22:16:33.0413 6140 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:16:33.0427 6140 msisadrv - ok
22:16:33.0466 6140 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:16:33.0500 6140 MSiSCSI - ok
22:16:33.0504 6140 msiserver - ok
22:16:33.0518 6140 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:16:33.0569 6140 MSKSSRV - ok
22:16:33.0592 6140 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:16:33.0641 6140 MSPCLOCK - ok
22:16:33.0662 6140 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:16:33.0709 6140 MSPQM - ok
22:16:33.0736 6140 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:16:33.0755 6140 MsRPC - ok
22:16:33.0761 6140 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:16:33.0774 6140 mssmbios - ok
22:16:33.0789 6140 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:16:33.0821 6140 MSTEE - ok
22:16:33.0831 6140 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
22:16:33.0859 6140 MTConfig - ok
22:16:33.0879 6140 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
22:16:33.0893 6140 Mup - ok
22:16:33.0925 6140 [ F6EA50DBC391F04CA49427010657CCB3 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:16:33.0941 6140 MyWiFiDHCPDNS - ok
22:16:33.0970 6140 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
22:16:34.0024 6140 napagent - ok
22:16:34.0043 6140 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
22:16:34.0082 6140 NativeWifiP - ok
22:16:34.0152 6140 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
22:16:34.0171 6140 NAUpdate - ok
22:16:34.0222 6140 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
22:16:34.0250 6140 NDIS - ok
22:16:34.0263 6140 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:16:34.0316 6140 NdisCap - ok
22:16:34.0335 6140 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:16:34.0368 6140 NdisTapi - ok
22:16:34.0375 6140 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:16:34.0429 6140 Ndisuio - ok
22:16:34.0446 6140 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:16:34.0489 6140 NdisWan - ok
22:16:34.0513 6140 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:16:34.0545 6140 NDProxy - ok
22:16:34.0567 6140 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:16:34.0611 6140 NetBIOS - ok
22:16:34.0673 6140 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:16:34.0720 6140 NetBT - ok
22:16:34.0756 6140 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
22:16:34.0772 6140 Netlogon - ok
22:16:34.0802 6140 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
22:16:34.0855 6140 Netman - ok
22:16:34.0865 6140 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
22:16:34.0909 6140 netprofm - ok
22:16:34.0943 6140 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:16:34.0955 6140 NetTcpPortSharing - ok
22:16:35.0108 6140 [ 30933BB56FB611D0252BAD488ADFB533 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
22:16:35.0310 6140 NETwNs64 - ok
22:16:35.0347 6140 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
22:16:35.0361 6140 nfrd960 - ok
22:16:35.0394 6140 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
22:16:35.0444 6140 NlaSvc - ok
22:16:35.0484 6140 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\windows\system32\drivers\npf.sys
22:16:35.0497 6140 NPF - ok
22:16:35.0514 6140 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
22:16:35.0546 6140 Npfs - ok
22:16:35.0596 6140 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
22:16:35.0640 6140 nsi - ok
22:16:35.0653 6140 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
22:16:35.0702 6140 nsiproxy - ok
22:16:35.0743 6140 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:16:35.0797 6140 Ntfs - ok
22:16:35.0812 6140 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
22:16:35.0854 6140 Null - ok
22:16:36.0067 6140 [ 7328528DAF9B8A486E16595A35043DB0 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
22:16:36.0360 6140 nvlddmkm - ok
22:16:36.0380 6140 [ 8AE5A124F3B65C3EC531D251A3E9C87F ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
22:16:36.0393 6140 nvpciflt - ok
22:16:36.0416 6140 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
22:16:36.0431 6140 nvraid - ok
22:16:36.0437 6140 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
22:16:36.0452 6140 nvstor - ok
22:16:36.0501 6140 [ CEA3416907C17BB6623D9CB1E015B3C4 ] NVSvc C:\windows\system32\nvvsvc.exe
22:16:36.0529 6140 NVSvc - ok
22:16:36.0581 6140 [ 741688E5A65CC43567BCC329AE130075 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:16:36.0615 6140 nvUpdatusService - ok
22:16:36.0623 6140 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:16:36.0637 6140 nv_agp - ok
22:16:36.0645 6140 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:16:36.0674 6140 ohci1394 - ok
22:16:36.0712 6140 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:36.0726 6140 ose - ok
22:16:36.0828 6140 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:16:36.0955 6140 osppsvc - ok
22:16:37.0009 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:16:37.0068 6140 p2pimsvc - ok
22:16:37.0105 6140 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
22:16:37.0145 6140 p2psvc - ok
22:16:37.0262 6140 [ 20BD38241EDD66D8FDC9E3496A1762A3 ] PanService C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
22:16:37.0292 6140 PanService - ok
22:16:37.0322 6140 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
22:16:37.0353 6140 Parport - ok
22:16:37.0383 6140 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
22:16:37.0397 6140 partmgr - ok
22:16:37.0417 6140 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
22:16:37.0459 6140 PcaSvc - ok
22:16:37.0490 6140 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
22:16:37.0506 6140 pci - ok
22:16:37.0531 6140 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
22:16:37.0544 6140 pciide - ok
22:16:37.0551 6140 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
22:16:37.0568 6140 pcmcia - ok
22:16:37.0605 6140 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
22:16:37.0636 6140 pcouffin - ok
22:16:37.0661 6140 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
22:16:37.0674 6140 pcw - ok
22:16:37.0704 6140 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:16:37.0782 6140 PEAUTH - ok
22:16:37.0823 6140 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
22:16:37.0852 6140 PerfHost - ok
22:16:37.0918 6140 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
22:16:37.0987 6140 pla - ok
22:16:38.0022 6140 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:16:38.0057 6140 PlugPlay - ok
22:16:38.0078 6140 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:16:38.0115 6140 PNRPAutoReg - ok
22:16:38.0132 6140 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:16:38.0151 6140 PNRPsvc - ok
22:16:38.0185 6140 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:16:38.0239 6140 PolicyAgent - ok
22:16:38.0270 6140 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
22:16:38.0324 6140 Power - ok
22:16:38.0346 6140 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:16:38.0389 6140 PptpMiniport - ok
22:16:38.0413 6140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
22:16:38.0446 6140 Processor - ok
22:16:38.0493 6140 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
22:16:38.0524 6140 ProfSvc - ok
22:16:38.0546 6140 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:16:38.0561 6140 ProtectedStorage - ok
22:16:38.0581 6140 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:16:38.0626 6140 Psched - ok
22:16:38.0704 6140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
22:16:38.0742 6140 ql2300 - ok
22:16:38.0826 6140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
22:16:38.0840 6140 ql40xx - ok
22:16:38.0871 6140 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
22:16:38.0894 6140 QWAVE - ok
22:16:38.0917 6140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:16:38.0957 6140 QWAVEdrv - ok
22:16:38.0962 6140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:16:38.0999 6140 RasAcd - ok
22:16:39.0048 6140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:16:39.0081 6140 RasAgileVpn - ok
22:16:39.0117 6140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
22:16:39.0161 6140 RasAuto - ok
22:16:39.0188 6140 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:16:39.0233 6140 Rasl2tp - ok
22:16:39.0252 6140 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
22:16:39.0323 6140 RasMan - ok
22:16:39.0354 6140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:16:39.0403 6140 RasPppoe - ok
22:16:39.0425 6140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:16:39.0469 6140 RasSstp - ok
22:16:39.0510 6140 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:16:39.0565 6140 rdbss - ok
22:16:39.0583 6140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
22:16:39.0601 6140 rdpbus - ok
22:16:39.0614 6140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:16:39.0658 6140 RDPCDD - ok
22:16:39.0682 6140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:16:39.0726 6140 RDPENCDD - ok
22:16:39.0733 6140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:16:39.0766 6140 RDPREFMP - ok
22:16:39.0808 6140 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:16:39.0841 6140 RDPWD - ok
22:16:39.0862 6140 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:16:39.0878 6140 rdyboost - ok
22:16:39.0957 6140 [ 9276F4D4109FC349925D28E00E533146 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:16:39.0977 6140 RegSrvc - ok
22:16:40.0012 6140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
22:16:40.0066 6140 RemoteAccess - ok
22:16:40.0111 6140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:16:40.0169 6140 RemoteRegistry - ok
22:16:40.0193 6140 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
22:16:40.0232 6140 RFCOMM - ok
22:16:40.0276 6140 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
22:16:40.0289 6140 rpcapd - ok
22:16:40.0302 6140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:16:40.0348 6140 RpcEptMapper - ok
22:16:40.0382 6140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
22:16:40.0412 6140 RpcLocator - ok
22:16:40.0441 6140 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
22:16:40.0477 6140 RpcSs - ok
22:16:40.0510 6140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:16:40.0543 6140 rspndr - ok
22:16:40.0648 6140 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
22:16:40.0665 6140 RSUSBVSTOR - ok
22:16:40.0702 6140 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
22:16:40.0722 6140 RTL8167 - ok
22:16:40.0746 6140 [ A11AB0AF5C7C2724D493F837C51F1575 ] RtLedService C:\Program Files\Realtek\RtLED\RtLEDService.exe
22:16:40.0766 6140 RtLedService ( UnsignedFile.Multi.Generic ) - warning
22:16:40.0766 6140 RtLedService - detected UnsignedFile.Multi.Generic (1)
22:16:40.0790 6140 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
22:16:40.0805 6140 SamSs - ok
22:16:40.0838 6140 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:16:40.0852 6140 sbp2port - ok
22:16:40.0884 6140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
22:16:40.0921 6140 SCardSvr - ok
22:16:40.0939 6140 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:16:40.0989 6140 scfilter - ok
22:16:41.0027 6140 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
22:16:41.0096 6140 Schedule - ok
22:16:41.0119 6140 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
22:16:41.0151 6140 SCPolicySvc - ok
22:16:41.0166 6140 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:16:41.0185 6140 SDRSVC - ok
22:16:41.0219 6140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:16:41.0272 6140 secdrv - ok
22:16:41.0289 6140 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
22:16:41.0339 6140 seclogon - ok
22:16:41.0363 6140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
22:16:41.0397 6140 SENS - ok
22:16:41.0410 6140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
22:16:41.0445 6140 SensrSvc - ok
22:16:41.0467 6140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
22:16:41.0501 6140 Serenum - ok
22:16:41.0516 6140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
22:16:41.0543 6140 Serial - ok
22:16:41.0562 6140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
22:16:41.0591 6140 sermouse - ok
22:16:41.0622 6140 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
22:16:41.0657 6140 SessionEnv - ok
22:16:41.0677 6140 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:16:41.0694 6140 sffdisk - ok
22:16:41.0709 6140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:16:41.0746 6140 sffp_mmc - ok
22:16:41.0769 6140 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:16:41.0796 6140 sffp_sd - ok
22:16:41.0815 6140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
22:16:41.0848 6140 sfloppy - ok
22:16:41.0892 6140 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
22:16:41.0917 6140 Sftfs - ok
22:16:41.0969 6140 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:16:41.0988 6140 sftlist - ok
22:16:42.0006 6140 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
22:16:42.0022 6140 Sftplay - ok
22:16:42.0028 6140 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
22:16:42.0040 6140 Sftredir - ok
22:16:42.0083 6140 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
22:16:42.0095 6140 Sftvol - ok
22:16:42.0128 6140 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:16:42.0142 6140 sftvsa - ok
22:16:42.0189 6140 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
22:16:42.0239 6140 SharedAccess - ok
22:16:42.0278 6140 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:16:42.0332 6140 ShellHWDetection - ok
22:16:42.0361 6140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
22:16:42.0374 6140 SiSRaid2 - ok
22:16:42.0406 6140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
22:16:42.0421 6140 SiSRaid4 - ok
22:16:42.0442 6140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
22:16:42.0494 6140 Smb - ok
22:16:42.0520 6140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:16:42.0557 6140 SNMPTRAP - ok
22:16:42.0584 6140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
22:16:42.0598 6140 spldr - ok
22:16:42.0646 6140 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
22:16:42.0670 6140 Spooler - ok
22:16:42.0734 6140 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
22:16:42.0853 6140 sppsvc - ok
22:16:42.0878 6140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:16:42.0912 6140 sppuinotify - ok
22:16:42.0941 6140 [ 454800C2BC7F3927CE030141EE4F4C50 ] SPUVCbv C:\windows\system32\Drivers\usbvideo.sys
22:16:42.0976 6140 SPUVCbv - ok
22:16:43.0007 6140 [ B9657A0AFF28C1CB114ACC0CB93EE4BB ] sp_rsdrv2 C:\windows\system32\DRIVERS\stflt.sys
22:16:43.0020 6140 sp_rsdrv2 - ok
22:16:43.0051 6140 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
22:16:43.0071 6140 srv - ok
22:16:43.0093 6140 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:16:43.0125 6140 srv2 - ok
22:16:43.0142 6140 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:16:43.0159 6140 srvnet - ok
22:16:43.0197 6140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:16:43.0242 6140 SSDPSRV - ok
22:16:43.0262 6140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
22:16:43.0298 6140 SstpSvc - ok
22:16:43.0388 6140 [ DDD02F9CB4CB29FC1655F199B3432C3D ] ST2012_Svc C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
22:16:43.0411 6140 ST2012_Svc - ok
22:16:43.0445 6140 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
22:16:43.0458 6140 stexstor - ok
22:16:43.0502 6140 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
22:16:43.0530 6140 stisvc - ok
22:16:43.0545 6140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:16:43.0559 6140 swenum - ok
22:16:43.0576 6140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
22:16:43.0633 6140 swprv - ok
22:16:43.0685 6140 [ 08425CD92972C6430F350A9697F4A553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
22:16:43.0740 6140 SynTP - ok
22:16:43.0779 6140 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
22:16:43.0849 6140 SysMain - ok
22:16:43.0890 6140 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:16:43.0913 6140 TabletInputService - ok
22:16:43.0923 6140 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
22:16:43.0979 6140 TapiSrv - ok
22:16:44.0005 6140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
22:16:44.0040 6140 TBS - ok
22:16:44.0111 6140 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:16:44.0169 6140 Tcpip - ok
22:16:44.0194 6140 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:16:44.0230 6140 TCPIP6 - ok
22:16:44.0262 6140 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:16:44.0310 6140 tcpipreg - ok
22:16:44.0331 6140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:16:44.0357 6140 TDPIPE - ok
22:16:44.0382 6140 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:16:44.0397 6140 TDTCP - ok
22:16:44.0423 6140 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:16:44.0473 6140 tdx - ok
22:16:44.0504 6140 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:16:44.0517 6140 TermDD - ok
22:16:44.0566 6140 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
22:16:44.0643 6140 TermService - ok
22:16:44.0685 6140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
22:16:44.0706 6140 Themes - ok
22:16:44.0724 6140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
22:16:44.0757 6140 THREADORDER - ok
22:16:44.0791 6140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
22:16:44.0845 6140 TrkWks - ok
22:16:44.0978 6140 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:16:45.0034 6140 TrustedInstaller - ok
22:16:45.0053 6140 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
22:16:45.0085 6140 tssecsrv - ok
22:16:45.0091 6140 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
22:16:45.0118 6140 TsUsbFlt - ok
22:16:45.0150 6140 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
22:16:45.0176 6140 TsUsbGD - ok
22:16:45.0192 6140 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
22:16:45.0244 6140 tunnel - ok
22:16:45.0249 6140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
22:16:45.0264 6140 uagp35 - ok
22:16:45.0272 6140 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
22:16:45.0317 6140 udfs - ok
22:16:45.0368 6140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
22:16:45.0401 6140 UI0Detect - ok
22:16:45.0406 6140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
22:16:45.0421 6140 uliagpkx - ok
22:16:45.0438 6140 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
22:16:45.0465 6140 umbus - ok
22:16:45.0489 6140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
22:16:45.0521 6140 UmPass - ok
22:16:45.0641 6140 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:16:45.0716 6140 UNS - ok
22:16:45.0742 6140 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
22:16:45.0781 6140 upnphost - ok
22:16:45.0811 6140 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
22:16:45.0848 6140 usbaudio - ok
22:16:45.0887 6140 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:16:45.0920 6140 usbccgp - ok
22:16:45.0934 6140 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
22:16:45.0971 6140 usbcir - ok
22:16:45.0996 6140 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:16:46.0029 6140 usbehci - ok
22:16:46.0048 6140 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:16:46.0086 6140 usbhub - ok
22:16:46.0092 6140 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
22:16:46.0108 6140 usbohci - ok
22:16:46.0131 6140 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
22:16:46.0149 6140 usbprint - ok
22:16:46.0155 6140 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:16:46.0184 6140 USBSTOR - ok
22:16:46.0190 6140 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
22:16:46.0218 6140 usbuhci - ok
22:16:46.0241 6140 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
22:16:46.0260 6140 usbvideo - ok
22:16:46.0281 6140 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
22:16:46.0330 6140 UxSms - ok
22:16:46.0365 6140 [ BCAD05667BF4B3388C8C72AC10F877E8 ] V0690Vid C:\windows\system32\DRIVERS\V0690Vid.sys
22:16:46.0397 6140 V0690Vid - ok
22:16:46.0412 6140 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
22:16:46.0428 6140 VaultSvc - ok
22:16:46.0447 6140 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
22:16:46.0461 6140 vdrvroot - ok
22:16:46.0486 6140 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
22:16:46.0526 6140 vds - ok
22:16:46.0543 6140 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
22:16:46.0561 6140 vga - ok
22:16:46.0597 6140 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
22:16:46.0646 6140 VgaSave - ok
22:16:46.0666 6140 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
22:16:46.0682 6140 vhdmp - ok
22:16:46.0703 6140 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
22:16:46.0717 6140 viaide - ok
22:16:46.0732 6140 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
22:16:46.0747 6140 volmgr - ok
22:16:46.0766 6140 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
22:16:46.0786 6140 volmgrx - ok
22:16:46.0810 6140 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
22:16:46.0828 6140 volsnap - ok
22:16:46.0837 6140 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
22:16:46.0853 6140 vsmraid - ok
22:16:46.0931 6140 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
22:16:47.0022 6140 VSS - ok
22:16:47.0066 6140 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
22:16:47.0093 6140 vwifibus - ok
22:16:47.0112 6140 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
22:16:47.0147 6140 vwififlt - ok
22:16:47.0163 6140 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
22:16:47.0183 6140 vwifimp - ok
22:16:47.0206 6140 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
22:16:47.0257 6140 W32Time - ok
22:16:47.0280 6140 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
22:16:47.0311 6140 WacomPen - ok
22:16:47.0331 6140 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
22:16:47.0383 6140 WANARP - ok
22:16:47.0388 6140 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
22:16:47.0421 6140 Wanarpv6 - ok
22:16:47.0483 6140 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
22:16:47.0521 6140 WatAdminSvc - ok
22:16:47.0571 6140 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
22:16:47.0644 6140 wbengine - ok
22:16:47.0664 6140 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
22:16:47.0688 6140 WbioSrvc - ok
22:16:47.0716 6140 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
22:16:47.0742 6140 wcncsvc - ok
22:16:47.0759 6140 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:16:47.0787 6140 WcsPlugInService - ok
22:16:47.0823 6140 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
22:16:47.0837 6140 Wd - ok
22:16:47.0861 6140 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
22:16:47.0885 6140 Wdf01000 - ok
22:16:47.0899 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
22:16:47.0922 6140 WdiServiceHost - ok
22:16:47.0927 6140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
22:16:47.0948 6140 WdiSystemHost - ok
22:16:47.0975 6140 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys
22:16:47.0988 6140 wdkmd - ok
22:16:48.0009 6140 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
22:16:48.0045 6140 WebClient - ok
22:16:48.0063 6140 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
22:16:48.0117 6140 Wecsvc - ok
22:16:48.0140 6140 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
22:16:48.0177 6140 wercplsupport - ok
22:16:48.0198 6140 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
22:16:48.0252 6140 WerSvc - ok
22:16:48.0281 6140 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
22:16:48.0314 6140 WfpLwf - ok
22:16:48.0357 6140 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
22:16:48.0371 6140 WIMMount - ok
22:16:48.0406 6140 WinDefend - ok
22:16:48.0483 6140 [ 62A3E830ACC39EAD6CBB69095001F7B0 ] WinDriver6 C:\windows\system32\drivers\windrvr6.sys
22:16:48.0500 6140 WinDriver6 - ok
22:16:48.0505 6140 WinHttpAutoProxySvc - ok
22:16:48.0638 6140 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:16:48.0674 6140 Winmgmt - ok
22:16:48.0739 6140 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
22:16:48.0823 6140 WinRM - ok
22:16:48.0896 6140 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
22:16:48.0973 6140 Wlansvc - ok
22:16:49.0050 6140 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:16:49.0062 6140 wlcrasvc - ok
22:16:49.0126 6140 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:16:49.0199 6140 wlidsvc - ok
22:16:49.0232 6140 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
22:16:49.0247 6140 WmiAcpi - ok
22:16:49.0280 6140 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
22:16:49.0313 6140 wmiApSrv - ok
22:16:49.0362 6140 WMPNetworkSvc - ok
22:16:49.0379 6140 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
22:16:49.0396 6140 WPCSvc - ok
22:16:49.0414 6140 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
22:16:49.0434 6140 WPDBusEnum - ok
22:16:49.0446 6140 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
22:16:49.0478 6140 ws2ifsl - ok
22:16:49.0494 6140 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
22:16:49.0530 6140 wscsvc - ok
22:16:49.0535 6140 WSearch - ok
22:16:49.0579 6140 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
22:16:49.0594 6140 wsvd - ok
22:16:49.0709 6140 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
22:16:49.0785 6140 wuauserv - ok
22:16:49.0818 6140 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
22:16:49.0861 6140 WudfPf - ok
22:16:49.0882 6140 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
22:16:49.0917 6140 WUDFRd - ok
22:16:49.0940 6140 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
22:16:49.0975 6140 wudfsvc - ok
22:16:49.0999 6140 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
22:16:50.0035 6140 WwanSvc - ok
22:16:50.0059 6140 ================ Scan global ===============================
22:16:50.0108 6140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:16:50.0142 6140 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
22:16:50.0151 6140 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
22:16:50.0177 6140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:16:50.0203 6140 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:16:50.0207 6140 [Global] - ok
22:16:50.0207 6140 ================ Scan MBR ==================================
22:16:50.0223 6140 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:16:50.0747 6140 \Device\Harddisk0\DR0 - ok
22:16:50.0748 6140 ================ Scan VBR ==================================
22:16:50.0750 6140 [ 4022F09CD6006229F1596A86CA848D46 ] \Device\Harddisk0\DR0\Partition1
22:16:50.0751 6140 \Device\Harddisk0\DR0\Partition1 - ok
22:16:50.0782 6140 [ 32EF51C39CD5B8228F247359AE86113D ] \Device\Harddisk0\DR0\Partition2
22:16:50.0784 6140 \Device\Harddisk0\DR0\Partition2 - ok
22:16:50.0809 6140 [ EDDA01FCD636768C15D14178C731C55C ] \Device\Harddisk0\DR0\Partition3
22:16:50.0811 6140 \Device\Harddisk0\DR0\Partition3 - ok
22:16:50.0812 6140 ============================================================
22:16:50.0812 6140 Scan finished
22:16:50.0812 6140 ============================================================
22:16:50.0819 6012 Detected object count: 1
22:16:50.0819 6012 Actual detected object count: 1
22:17:05.0921 6012 RtLedService ( UnsignedFile.Multi.Generic ) - skipped by user
22:17:05.0921 6012 RtLedService ( UnsignedFile.Multi.Generic ) - User select action: Skip


--------------------------------------------------------------------------------------------------------------------------------

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pavel [Práva správce]
Mód : Kontrola -- Datum : 10/07/2012 22:28:25

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : V0690Mon.exe (C:\windows\V0690Mon.exe) -> NALEZENO
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Pavel : C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> NALEZENO
[STARTUP][SUSP PATH] Magic.exe @Pavel : C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magic.exe -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT3 +++++
--- User ---
[MBR] 60387c6405408380a896d7b3a858da95
[BSP] 6c319b384723729dc49a5658b21470df : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670405 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Poprosim o log z DDS

• Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
• Spustte a kliknete na Start
• Po chvili vyskoci log, ten rad uvidim

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Posílám logy:


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pavel [Práva správce]
Mód : Odebrat -- Datum : 10/08/2012 14:58:11

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : V0690Mon.exe (C:\windows\V0690Mon.exe) -> VYMAZÁNO
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Pavel : C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> VYMAZÁNO
[STARTUP][SUSP PATH] Magic.exe @Pavel : C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magic.exe -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT3 +++++
--- User ---
[MBR] 60387c6405408380a896d7b3a858da95
[BSP] 6c319b384723729dc49a5658b21470df : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670405 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt



--------------------------------------------------------------------------------------------------------------------------------



RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pavel [Práva správce]
Mód : Oprava HOSTS -- Datum : 10/08/2012 15:00:36

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ Resetovaný HOSTS: ¤¤¤


Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



--------------------------------------------------------------------------------------------------------------------------------



DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Pavel at 15:01:37 on 2012-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4010.2224 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
C:\WINDOWS\SYSTEM32\WLANEXT.EXE
C:\windows\system32\conhost.exe
C:\windows\system32\nvvsvc.exe
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AFWSERV.EXE
C:\WINDOWS\SYSTEM32\DWM.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LENOVO\BLUETOOTH SOFTWARE\BTWDINS.EXE
C:\WINDOWS\SYSTEM32\TASKHOST.EXE
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRAM FILES (X86)\PANDORA.TV\PANSERVICE\PANDORASERVICE.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\CVHSVC.EXE
C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\IFRMEWRK.EXE
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES (X86)\DAEMON TOOLS LITE\DTLITE.EXE
C:\PROGRAM FILES\LENOVO\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Cyberlink\PowerDVD\PDVDServ.exe
C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE
C:\WINDOWS\SYSWOW64\RUNDLL32.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE
C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\NVIDIA UPDATUS\DAEMONU.EXE
C:\PROGRAM FILES\REALTEK\RTLED\RTLEDSERVICE.EXE
C:\PROGRAM FILES\REALTEK\RTLED\RTLED.EXE
C:\windows\System32\svchost.exe -k secsvcs
C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\USERS\PAVEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\USERS\PAVEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\USERS\PAVEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\USERS\PAVEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\USERS\PAVEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\USERS\PAVEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\USERS\PAVEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\WINDOWS\SYSWOW64\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\CONHOST.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://lenovo.msn.com
uURLSearchHooks: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Facebook Update] "C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
uPolicies-Explorer: MaxRecentDocs = dword:99
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A5E09327-D59F-411A-906D-0DE9596F9063} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A5E09327-D59F-411A-906D-0DE9596F9063}\145747F6762796C6C6 : DHCPNameServer = 217.159.0.17 193.101.111.10
TCP: Interfaces\{A5E09327-D59F-411A-906D-0DE9596F9063}\2756A7964656E63656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A5E09327-D59F-411A-906D-0DE9596F9063}\4505D2C494E4B4F5241423443443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A5E09327-D59F-411A-906D-0DE9596F9063}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A5E09327-D59F-411A-906D-0DE9596F9063}\777777E2365627265627F637E236A7F537C657E69636B6F6 : DHCPNameServer = 81.25.28.250 81.25.16.250
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\1meoimo6.default-1342553091945\
FF - prefs.js: browser.startup.homepage - hxxp://www.parabola.cz/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\Users\Pavel\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Pavel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Pavel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\windows\System32\drivers\aswNdis.sys [2012-10-7 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\windows\System32\drivers\aswNdis2.sys [2012-10-7 266776]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-9 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-9 39008]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-10-9 25960]
R1 aswFW;avast! TDI Firewall driver;C:\windows\System32\drivers\aswFW.sys [2012-10-7 142128]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-10-7 19600]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-10-7 969200]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-10-7 359464]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-9 13408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-8-31 283200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-10-7 25232]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-10-7 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-7 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-10-7 133912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2009704]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-6-10 578264]
R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-9-30 311296]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\windows\System32\drivers\stflt.sys [2012-3-21 51496]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-3-21 1148664]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-9 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-5 31088]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-1-9 176000]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-1-13 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETwNs64.sys [2010-11-9 8500736]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-9 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\usbvideo.sys [2010-11-21 184960]
R3 V0690Vid;Creative Live! Cam Socialize HD AF Driver;C:\windows\System32\drivers\V0690Vid.sys [2012-1-9 393952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\windows\System32\srvany.exe --> C:\windows\System32\srvany.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250288]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-10-9 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-10-9 39464]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-07 19:14:23 142128 ----a-w- C:\windows\System32\drivers\aswFW.sys
2012-10-07 19:14:11 266776 ----a-w- C:\windows\System32\drivers\aswNdis2.sys
2012-10-07 19:14:09 19600 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2012-10-07 19:14:07 12368 ----a-w- C:\windows\System32\drivers\aswNdis.sys
2012-10-07 19:06:24 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-10-07 19:06:22 969200 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-10-07 19:06:19 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-10-07 19:05:56 41224 ----a-w- C:\windows\avastSS.scr
2012-10-07 19:05:45 -------- d-----w- C:\ProgramData\AVAST Software
2012-10-07 19:05:45 -------- d-----w- C:\Program Files\AVAST Software
2012-10-07 17:29:10 -------- d-----w- C:\Users\Pavel\AppData\Local\{AA9B339C-69FC-43C6-A017-A9A8C94DA5DE}
2012-10-07 16:30:10 -------- d-----w- C:\Program Files\trend micro
2012-10-06 22:17:48 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7956A79-ED2F-44EB-A45E-2B3DF54B5BE7}\offreg.dll
2012-10-05 17:58:38 -------- d-----w- C:\Users\Pavel\AppData\Local\{0C3F6C25-1678-4A03-9B95-6629B389C20E}
2012-10-05 08:03:47 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7956A79-ED2F-44EB-A45E-2B3DF54B5BE7}\mpengine.dll
2012-10-04 17:39:48 -------- d-----w- C:\Users\Pavel\AppData\Local\{B727631F-F783-4792-8A3D-D853B70978AC}
2012-10-03 17:51:10 -------- d-----w- C:\Users\Pavel\AppData\Local\{E3C15C92-6788-4A99-9FCE-B5B9415DB3FC}
2012-10-01 17:50:56 -------- d-----w- C:\Users\Pavel\AppData\Local\{58F2512B-1F10-4CF0-A7AB-21CD23133B07}
2012-09-30 11:51:47 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-09-30 08:57:19 -------- d-----w- C:\Users\Pavel\AppData\Local\{F9B54120-82A2-440D-A680-476137CCC4D9}
2012-09-29 03:02:03 -------- d-----w- C:\Users\Pavel\AppData\Local\{CF9220B2-E5A1-4DB1-8735-22B37B27AA9C}
2012-09-28 10:51:38 -------- d-----w- C:\Users\Pavel\AppData\Local\{5F652B44-DA44-4067-BB07-8534DFA7E9B8}
2012-09-27 10:35:43 -------- d-----w- C:\Users\Pavel\AppData\Local\{A2A20407-0C70-488B-85C9-35F3E2288FA2}
2012-09-26 18:59:50 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-09-26 13:57:18 -------- d-----w- C:\Users\Pavel\AppData\Local\{B9FCD385-0EC2-4878-941A-C8D3AA626989}
2012-09-25 12:58:40 -------- d-----w- C:\Users\Pavel\AppData\Local\{039DCD27-9186-4775-9343-491F142622D9}
2012-09-24 12:53:50 -------- d-----w- C:\Users\Pavel\AppData\Local\{725EC777-4EC7-40EB-91AC-C34554142423}
2012-09-23 18:42:00 -------- d-----w- C:\Users\Pavel\AppData\Local\{8C63A19B-8F49-46DF-A58B-C074850C72BB}
2012-09-22 20:11:32 -------- d-----w- C:\Users\Pavel\AppData\Local\{76AC8177-E2BD-4AE9-B6F8-24C98919A921}
2012-09-20 19:54:51 -------- d-----w- C:\Users\Pavel\AppData\Local\{CE1219C7-6B66-486E-849D-1852471D95DE}
2012-09-19 17:45:11 -------- d-----w- C:\Users\Pavel\AppData\Local\{7FB4C5C4-C35F-4A6D-A46B-5118BC2BABAA}
2012-09-18 00:54:11 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-17 21:15:46 -------- d-----w- C:\Users\Pavel\AppData\Local\{5F05E8A9-50B0-42A4-8DFF-C44A127524F7}
2012-09-16 21:05:29 0 ----a-w- C:\windows\SysWow64\shoBBCA.tmp
2012-09-16 11:48:56 -------- d-----w- C:\Users\Pavel\AppData\Local\{64AAB7BE-96D1-4418-95CC-81285D15E079}
2012-09-13 19:16:59 -------- d-----w- C:\Users\Pavel\AppData\Local\{741E1E89-E698-4C55-A9EE-D3C3A4FD48D0}
2012-09-11 17:32:37 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-11 17:32:37 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 17:32:37 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-11 17:32:34 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-11 17:32:34 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-11 17:32:34 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-11 17:32:34 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-10 18:28:17 -------- d-----w- C:\Users\Pavel\AppData\Local\{C0396078-9C44-4626-A262-4D306BDD6F2C}
2012-09-10 16:21:18 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-09-10 16:14:23 413696 ----a-w- C:\windows\FLVSplitter.ax
2012-09-10 16:14:23 -------- d-----w- C:\Temp
.
==================== Find3M ====================
.
2012-09-30 11:51:23 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-09-30 11:51:23 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-09-21 17:29:19 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 17:29:19 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-08 11:37:02 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 11:37:01 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-08 11:37:01 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-09-01 15:52:39 1355776 ----a-w- C:\windows\SysWow64\msvbvm50.dll
2012-08-31 13:43:39 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 15:01:56,84 ===============



--------------------------------------------------------------------------------------------------------------------------------




ComboFix 12-10-08.01 - Pavel 08.10.2012 15:13:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4010.2380 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Pavel\AppData\Roaming\inst.exe
c:\users\Pavel\AppData\Roaming\vso_ts_preview.xml
c:\users\Pavel\videos\KTV-Recorder-2.54-20120507-win-x86-setup.exe
c:\windows\gt.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\s.bat
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\wpcap.dll
c:\windows\version.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-08 do 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-07 19:14 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-07 19:14 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-07 19:14 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-07 19:14 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-07 19:06 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-07 19:06 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-07 19:06 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-07 19:06 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-07 19:06 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-07 19:06 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-07 19:06 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-07 19:05 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-07 19:05 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-07 19:05 . 2012-10-07 19:05 -------- d-----w- c:\programdata\AVAST Software
2012-10-07 19:05 . 2012-10-07 19:05 -------- d-----w- c:\program files\AVAST Software
2012-10-07 16:30 . 2012-10-07 19:45 -------- d-----w- c:\program files\trend micro
2012-10-07 16:30 . 2012-10-07 19:45 -------- d-----w- C:\rsit
2012-10-07 11:47 . 2012-10-08 12:53 -------- d-----w- c:\users\Pavel\AppData\Roaming\Skype
2012-10-05 08:03 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7956A79-ED2F-44EB-A45E-2B3DF54B5BE7}\mpengine.dll
2012-09-30 11:51 . 2012-09-30 11:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-09-26 18:59 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 19:26 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-18 00:54 . 2012-09-18 00:54 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-16 21:05 . 2012-09-16 21:05 0 ----a-w- c:\windows\SysWow64\shoBBCA.tmp
2012-09-11 17:32 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 17:32 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 17:32 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 17:32 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 17:32 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 17:32 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 17:32 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-10 16:21 . 2012-09-16 20:50 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-09-10 16:14 . 2012-09-27 19:21 -------- d-----w- C:\Temp
2012-09-10 16:14 . 2008-01-27 19:59 413696 ----a-w- c:\windows\FLVSplitter.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 11:51 . 2011-10-09 08:23 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-30 11:51 . 2011-10-09 08:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-21 17:29 . 2012-04-01 11:24 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 17:29 . 2011-11-24 22:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-11 17:33 . 2011-11-22 23:47 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-08 11:37 . 2012-09-08 11:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 11:37 . 2012-05-21 17:39 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-08 11:37 . 2011-11-24 20:10 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-01 15:52 . 2012-09-01 15:52 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2012-08-31 13:43 . 2012-08-31 13:43 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-18 18:15 . 2012-08-15 04:58 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17762440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-30 296096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe [2010-12-17 1927528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-10-09 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-10-09 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-10-09 13408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-31 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-03-21 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-06 1148664]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-09 29792]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 176000]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-22 82816]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 V0690Vid;Creative Live! Cam Socialize HD AF Driver;c:\windows\system32\DRIVERS\V0690Vid.sys [2010-08-12 393952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:29]
.
2012-10-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
- c:\users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:27]
.
2012-10-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
- c:\users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-05 23:27]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 20:27]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 20:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-09 08:09 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-09 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-09 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-09 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-09 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\1meoimo6.default-1342553091945\
FF - prefs.js: browser.startup.homepage - hxxp://www.parabola.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
Toolbar-Locked - (no file)
Toolbar-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2012-10-08 15:24:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-08 13:24
.
Před spuštěním: Volných bajtů: 39 271 903 232
Po spuštění: Volných bajtů: 38 765 441 024
.
- - End Of File - - 0F6F3D53602ECEFA46FD66CC3A6AA0A2

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  DDS::
  uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENN
  uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENN
  mStart Page = hxxp://lenovo.msn.com
  uURLSearchHooks: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
  uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
  dURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
  dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
  BHO: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
  uRun: [Facebook Update]
  uRun: [DAEMON Tools Lite]
  uRun: [Google Update]
  uRun: [Skype]
  mRun: [UpdateP2GShortCut]
  mRun: [UpdatePRCShortCut]
  mRun: [RemoteControl]
  mRun: [Adobe ARM]
  mRun: [SunJavaUpdateSched]
  mRun: [TkBellExe]
  x64-Run: [UpdatePRCShortCut]
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
  c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
  c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 12-10-08.01 - Pavel 08.10.2012 20:34:30.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4010.2495 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-453037729-1404361596-3676707868-1001UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-08 do 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 18:39 . 2012-10-08 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-08 18:39 . 2012-10-08 18:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 18:39 . 2012-10-08 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 17:53 . 2012-10-08 17:53 -------- d-----r- C:\MSOCache
2012-10-08 17:48 . 2012-10-08 18:39 -------- d-----w- c:\users\Pavel\AppData\Roaming\SoftGrid Client
2012-10-08 13:58 . 2006-12-23 07:57 122880 ----a-w- c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magic.exe
2012-10-07 19:14 . 2012-08-21 09:13 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-07 19:14 . 2012-08-21 09:13 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-07 19:14 . 2012-08-21 09:13 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-07 19:14 . 2012-07-13 10:47 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-07 19:06 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-07 19:06 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-07 19:06 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-07 19:06 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-07 19:06 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-07 19:06 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-07 19:06 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-07 19:05 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-07 19:05 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-07 19:05 . 2012-10-07 19:05 -------- d-----w- c:\programdata\AVAST Software
2012-10-07 19:05 . 2012-10-07 19:05 -------- d-----w- c:\program files\AVAST Software
2012-10-07 16:30 . 2012-10-07 19:45 -------- d-----w- c:\program files\trend micro
2012-10-07 16:30 . 2012-10-07 19:45 -------- d-----w- C:\rsit
2012-10-07 11:47 . 2012-10-08 18:24 -------- d-----w- c:\users\Pavel\AppData\Roaming\Skype
2012-10-05 08:03 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7956A79-ED2F-44EB-A45E-2B3DF54B5BE7}\mpengine.dll
2012-09-30 11:51 . 2012-09-30 11:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-09-26 18:59 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 19:26 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-18 00:54 . 2012-09-18 00:54 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-16 21:05 . 2012-09-16 21:05 0 ----a-w- c:\windows\SysWow64\shoBBCA.tmp
2012-09-11 17:32 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 17:32 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 17:32 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 17:32 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 17:32 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 17:32 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 17:32 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-10 16:21 . 2012-09-16 20:50 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-09-10 16:14 . 2012-09-27 19:21 -------- d-----w- C:\Temp
2012-09-10 16:14 . 2008-01-27 19:59 413696 ----a-w- c:\windows\FLVSplitter.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 11:51 . 2011-10-09 08:23 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-30 11:51 . 2011-10-09 08:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-21 17:29 . 2012-04-01 11:24 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 17:29 . 2011-11-24 22:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-11 17:33 . 2011-11-22 23:47 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-08 11:37 . 2012-09-08 11:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 11:37 . 2012-05-21 17:39 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-08 11:37 . 2011-11-24 20:10 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-01 15:52 . 2012-09-01 15:52 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2012-08-31 13:43 . 2012-08-31 13:43 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-18 18:15 . 2012-08-15 04:58 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-30 296096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Magic.exe [2006-12-23 122880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe [2010-12-17 1927528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-10-09 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-10-09 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-10-09 13408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-31 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-03-21 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-06 1148664]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-09 29792]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 176000]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-22 82816]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 V0690Vid;Creative Live! Cam Socialize HD AF Driver;c:\windows\system32\DRIVERS\V0690Vid.sys [2010-08-12 393952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-09 08:09 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-09 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-09 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-09 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-09 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\1meoimo6.default-1342553091945\
FF - prefs.js: browser.startup.homepage - hxxp://www.parabola.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
Toolbar-Locked - (no file)
Toolbar-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\NVIDIA Corporation\Installer2\NVIDIA.Update.0\ComUpdatus.exe
.
**************************************************************************
.
Celkový čas: 2012-10-08 20:45:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-08 18:45
ComboFix2.txt 2012-10-08 13:24
.
Před spuštěním: Volných bajtů: 31 389 769 728
Po spuštění: Volných bajtů: 31 294 849 024
.
- - End Of File - - 9513EF654D8D58C3D6AF1CFD21B248EE



Jestli můžu ještě poprosit, mám taky problém se zápisem na externí disk přes USB. Pokud dám kopírovat tak to jde hrozně pomalu a píše to že probíhá kontrola výpočtu a rychlost přenosu ukazuje nulu např. soubor velký 128MB to kopíruje víc jak 10 minut. Na druhém PC to jde normálně.
Děkuji za případnou radu.

Nepise PC neco o tom ze toto zarizenu muze pracovat rychleji

mám win7 : nic nepíše, když dám kopírovat a vložit tak se spustí přenos a ve zbývající čas píše: Probíhá výpočet...
Zbývající položky:1(9,56MB)
Rychlost: 116MB/s

ale kopíruje to víc jak 10 minut a když dám storno tak se to kousne a trvá to hodně dlouho než se ukončí.