nejde spustit centrum zabezp. ani security essential
Napsal: 14 říj 2012 00:11
poprosil bych kontrolu logu, díky
Logfile of random's system information tool 1.09 (written by random/random)
Run by Uziv at 2012-10-14 00:45:35
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 22 GB (57%) free of 38 GB
Total RAM: 12286 MB (88% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:45:36, on 14.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\trend micro\Uziv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5675 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
taskeng.exe {F84CB2C8-8F79-462E-96B4-DEE8E40A91FB}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\shdocvwu.dll",RRNJPM
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\shdocvwu.dll",RRNJPM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {77D69FA6-CD33-4919-A0AA-81282CF5BF04}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
wmiadap.exe /F /T /R
"C:\Users\Uziv\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\AMNQZHK.job
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"RtHDVBg_DTS"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2012-06-13 1212560]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-06-27 249344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-10-14 00:45:35 ----D---- C:\rsit
2012-10-14 00:45:35 ----D---- C:\Program Files\trend micro
2012-10-13 23:56:38 ----SHD---- C:\Config.Msi
2012-10-13 23:50:04 ----SHD---- C:\$RECYCLE.BIN
2012-10-13 23:45:54 ----D---- C:\Windows\temp
2012-10-13 22:49:39 ----HD---- C:\ProgramData\Common Files
2012-10-13 22:40:15 ----A---- C:\Windows\stinger.sys
2012-10-13 22:40:07 ----D---- C:\Program Files (x86)\stinger
2012-10-13 19:53:08 ----RASH---- C:\Windows\SYSWOW64\shdocvwu.dll
2012-10-10 17:26:04 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-10 17:26:03 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-10 17:26:03 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-10 17:26:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-10 17:26:01 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-10 17:26:00 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-10-10 17:26:00 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-10-10 17:26:00 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\wow64.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\winsrv.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\ntvdm64.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\kernel32.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\conhost.exe
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 17:25:59 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-10-10 17:25:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-10-10 17:25:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-10-10 17:25:59 ----A---- C:\Windows\system32\wow64win.dll
2012-10-10 17:25:59 ----A---- C:\Windows\system32\wow64cpu.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 17:25:58 ----A---- C:\Windows\SYSWOW64\user.exe
2012-10-10 17:25:52 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-10 17:25:52 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-10 17:25:52 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-10 17:25:52 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 17:25:52 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-10 17:25:52 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 17:25:47 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-10-10 17:25:47 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 17:25:44 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-10 17:25:44 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 17:25:41 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-10-10 17:25:41 ----A---- C:\Windows\system32\kerberos.dll
2012-10-04 23:09:57 ----D---- C:\Windows\system32\appmgmt
2012-09-28 02:14:19 ----D---- C:\ProgramData\ATI
2012-09-28 02:13:48 ----D---- C:\Program Files (x86)\AMD APP
2012-09-26 20:45:14 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-09-24 00:59:19 ----D---- C:\Program Files\Gamepark
2012-09-22 01:45:22 ----D---- C:\Program Files (x86)\OpenVPN
2012-09-21 19:13:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-21 19:13:47 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-21 19:13:46 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-09-21 19:13:46 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-21 19:13:45 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-21 19:13:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-09-21 19:13:45 ----A---- C:\Windows\system32\url.dll
2012-09-21 19:13:45 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-21 19:13:45 ----A---- C:\Windows\system32\ieui.dll
2012-09-21 19:13:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-21 19:13:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-21 19:13:44 ----A---- C:\Windows\system32\urlmon.dll
2012-09-21 19:13:44 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-21 19:13:44 ----A---- C:\Windows\system32\jscript9.dll
2012-09-21 19:13:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-21 19:13:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-09-21 19:13:43 ----A---- C:\Windows\system32\wininet.dll
2012-09-21 19:13:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-21 19:13:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-21 19:13:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-09-21 19:13:42 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-21 19:13:42 ----A---- C:\Windows\system32\vbscript.dll
2012-09-21 19:13:42 ----A---- C:\Windows\system32\jscript.dll
2012-09-21 19:13:42 ----A---- C:\Windows\system32\iertutil.dll
2012-09-21 19:13:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-21 19:13:40 ----A---- C:\Windows\system32\mshtml.dll
2012-09-21 19:13:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-21 19:13:39 ----A---- C:\Windows\system32\ieframe.dll
======List of files/folders modified in the last 1 month======
2012-10-14 00:45:35 ----RD---- C:\Program Files
2012-10-14 00:44:16 ----D---- C:\Windows\system32\config
2012-10-14 00:44:13 ----D---- C:\Windows\SoftwareDistribution
2012-10-14 00:43:41 ----D---- C:\ProgramData
2012-10-14 00:43:27 ----D---- C:\Windows
2012-10-14 00:42:52 ----D---- C:\Windows\system32\LogFiles
2012-10-14 00:42:52 ----D---- C:\Windows\System32
2012-10-14 00:40:39 ----D---- C:\Windows\inf
2012-10-14 00:40:20 ----SHD---- C:\Windows\Installer
2012-10-14 00:40:20 ----RD---- C:\Program Files (x86)
2012-10-14 00:40:16 ----SHD---- C:\System Volume Information
2012-10-14 00:37:49 ----D---- C:\Windows\system32\drivers
2012-10-14 00:22:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-13 23:58:33 ----D---- C:\Windows\Prefetch
2012-10-13 23:44:56 ----A---- C:\Windows\system.ini
2012-10-13 23:44:00 ----D---- C:\Windows\SYSWOW64\drivers
2012-10-13 23:44:00 ----D---- C:\Windows\SysWOW64
2012-10-13 23:44:00 ----D---- C:\Windows\AppPatch
2012-10-13 23:43:59 ----D---- C:\Program Files (x86)\Common Files
2012-10-13 23:38:39 ----D---- C:\Users\Uziv\AppData\Roaming\ICQ
2012-10-13 23:33:57 ----D---- C:\Windows\system32\catroot
2012-10-13 23:23:48 ----D---- C:\Windows\winsxs
2012-10-13 23:12:46 ----RSD---- C:\Windows\assembly
2012-10-13 23:12:40 ----RSD---- C:\Windows\Fonts
2012-10-13 22:51:07 ----D---- C:\Windows\system32\DriverStore
2012-10-13 19:53:09 ----D---- C:\Windows\Tasks
2012-10-13 19:53:09 ----D---- C:\Windows\system32\Tasks
2012-10-13 19:32:03 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-10-11 00:10:26 ----D---- C:\Windows\debug
2012-10-10 20:59:29 ----D---- C:\Windows\rescache
2012-10-10 18:56:55 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-10-10 18:56:55 ----D---- C:\Windows\system32\cs-CZ
2012-10-10 17:26:50 ----A---- C:\Windows\system32\MRT.exe
2012-10-10 17:25:43 ----D---- C:\Windows\system32\catroot2
2012-10-04 23:32:19 ----D---- C:\Users\Uziv\AppData\Roaming\Media Player Classic
2012-10-04 22:50:47 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2012-09-28 02:13:36 ----D---- C:\Program Files\ATI Technologies
2012-09-28 02:13:30 ----D---- C:\ProgramData\AMD
2012-09-21 19:24:41 ----D---- C:\Windows\SYSWOW64\migration
2012-09-21 19:24:41 ----D---- C:\Windows\system32\migration
2012-09-21 19:24:41 ----D---- C:\Program Files\Internet Explorer
2012-09-21 19:24:41 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-20 22:34:04 ----D---- C:\ProgramData\Origin
2012-09-20 22:33:45 ----D---- C:\Program Files (x86)\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-01-11 115824]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 31232]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2011-12-13 56448]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1100320]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-04-25 52736]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-28 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSAudioService;DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-06-30 76888]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2011-12-15 14848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-06 100864]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Uziv at 2012-10-14 00:45:35
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 22 GB (57%) free of 38 GB
Total RAM: 12286 MB (88% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:45:36, on 14.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\trend micro\Uziv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5675 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
taskeng.exe {F84CB2C8-8F79-462E-96B4-DEE8E40A91FB}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\shdocvwu.dll",RRNJPM
C:\Windows\system32\rundll32.exe "C:\Windows\SysWOW64\shdocvwu.dll",RRNJPM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {77D69FA6-CD33-4919-A0AA-81282CF5BF04}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
wmiadap.exe /F /T /R
"C:\Users\Uziv\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\AMNQZHK.job
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"RtHDVBg_DTS"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2012-06-13 1212560]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-06-27 249344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-10-14 00:45:35 ----D---- C:\rsit
2012-10-14 00:45:35 ----D---- C:\Program Files\trend micro
2012-10-13 23:56:38 ----SHD---- C:\Config.Msi
2012-10-13 23:50:04 ----SHD---- C:\$RECYCLE.BIN
2012-10-13 23:45:54 ----D---- C:\Windows\temp
2012-10-13 22:49:39 ----HD---- C:\ProgramData\Common Files
2012-10-13 22:40:15 ----A---- C:\Windows\stinger.sys
2012-10-13 22:40:07 ----D---- C:\Program Files (x86)\stinger
2012-10-13 19:53:08 ----RASH---- C:\Windows\SYSWOW64\shdocvwu.dll
2012-10-10 17:26:04 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-10 17:26:03 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-10 17:26:03 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-10 17:26:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-10 17:26:01 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-10 17:26:00 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-10-10 17:26:00 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-10-10 17:26:00 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\wow64.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\winsrv.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\ntvdm64.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\kernel32.dll
2012-10-10 17:26:00 ----A---- C:\Windows\system32\conhost.exe
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 17:25:59 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 17:25:59 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-10-10 17:25:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-10-10 17:25:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-10-10 17:25:59 ----A---- C:\Windows\system32\wow64win.dll
2012-10-10 17:25:59 ----A---- C:\Windows\system32\wow64cpu.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 17:25:58 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 17:25:58 ----A---- C:\Windows\SYSWOW64\user.exe
2012-10-10 17:25:52 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-10 17:25:52 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-10 17:25:52 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-10 17:25:52 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 17:25:52 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-10 17:25:52 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 17:25:47 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-10-10 17:25:47 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 17:25:44 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-10 17:25:44 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 17:25:41 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-10-10 17:25:41 ----A---- C:\Windows\system32\kerberos.dll
2012-10-04 23:09:57 ----D---- C:\Windows\system32\appmgmt
2012-09-28 02:14:19 ----D---- C:\ProgramData\ATI
2012-09-28 02:13:48 ----D---- C:\Program Files (x86)\AMD APP
2012-09-26 20:45:14 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-09-24 00:59:19 ----D---- C:\Program Files\Gamepark
2012-09-22 01:45:22 ----D---- C:\Program Files (x86)\OpenVPN
2012-09-21 19:13:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-21 19:13:47 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-21 19:13:46 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-09-21 19:13:46 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-21 19:13:45 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-21 19:13:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-09-21 19:13:45 ----A---- C:\Windows\system32\url.dll
2012-09-21 19:13:45 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-21 19:13:45 ----A---- C:\Windows\system32\ieui.dll
2012-09-21 19:13:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-21 19:13:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-21 19:13:44 ----A---- C:\Windows\system32\urlmon.dll
2012-09-21 19:13:44 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-21 19:13:44 ----A---- C:\Windows\system32\jscript9.dll
2012-09-21 19:13:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-21 19:13:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-09-21 19:13:43 ----A---- C:\Windows\system32\wininet.dll
2012-09-21 19:13:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-21 19:13:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-21 19:13:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-09-21 19:13:42 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-21 19:13:42 ----A---- C:\Windows\system32\vbscript.dll
2012-09-21 19:13:42 ----A---- C:\Windows\system32\jscript.dll
2012-09-21 19:13:42 ----A---- C:\Windows\system32\iertutil.dll
2012-09-21 19:13:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-21 19:13:40 ----A---- C:\Windows\system32\mshtml.dll
2012-09-21 19:13:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-21 19:13:39 ----A---- C:\Windows\system32\ieframe.dll
======List of files/folders modified in the last 1 month======
2012-10-14 00:45:35 ----RD---- C:\Program Files
2012-10-14 00:44:16 ----D---- C:\Windows\system32\config
2012-10-14 00:44:13 ----D---- C:\Windows\SoftwareDistribution
2012-10-14 00:43:41 ----D---- C:\ProgramData
2012-10-14 00:43:27 ----D---- C:\Windows
2012-10-14 00:42:52 ----D---- C:\Windows\system32\LogFiles
2012-10-14 00:42:52 ----D---- C:\Windows\System32
2012-10-14 00:40:39 ----D---- C:\Windows\inf
2012-10-14 00:40:20 ----SHD---- C:\Windows\Installer
2012-10-14 00:40:20 ----RD---- C:\Program Files (x86)
2012-10-14 00:40:16 ----SHD---- C:\System Volume Information
2012-10-14 00:37:49 ----D---- C:\Windows\system32\drivers
2012-10-14 00:22:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-13 23:58:33 ----D---- C:\Windows\Prefetch
2012-10-13 23:44:56 ----A---- C:\Windows\system.ini
2012-10-13 23:44:00 ----D---- C:\Windows\SYSWOW64\drivers
2012-10-13 23:44:00 ----D---- C:\Windows\SysWOW64
2012-10-13 23:44:00 ----D---- C:\Windows\AppPatch
2012-10-13 23:43:59 ----D---- C:\Program Files (x86)\Common Files
2012-10-13 23:38:39 ----D---- C:\Users\Uziv\AppData\Roaming\ICQ
2012-10-13 23:33:57 ----D---- C:\Windows\system32\catroot
2012-10-13 23:23:48 ----D---- C:\Windows\winsxs
2012-10-13 23:12:46 ----RSD---- C:\Windows\assembly
2012-10-13 23:12:40 ----RSD---- C:\Windows\Fonts
2012-10-13 22:51:07 ----D---- C:\Windows\system32\DriverStore
2012-10-13 19:53:09 ----D---- C:\Windows\Tasks
2012-10-13 19:53:09 ----D---- C:\Windows\system32\Tasks
2012-10-13 19:32:03 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-10-11 00:10:26 ----D---- C:\Windows\debug
2012-10-10 20:59:29 ----D---- C:\Windows\rescache
2012-10-10 18:56:55 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-10-10 18:56:55 ----D---- C:\Windows\system32\cs-CZ
2012-10-10 17:26:50 ----A---- C:\Windows\system32\MRT.exe
2012-10-10 17:25:43 ----D---- C:\Windows\system32\catroot2
2012-10-04 23:32:19 ----D---- C:\Users\Uziv\AppData\Roaming\Media Player Classic
2012-10-04 22:50:47 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2012-09-28 02:13:36 ----D---- C:\Program Files\ATI Technologies
2012-09-28 02:13:30 ----D---- C:\ProgramData\AMD
2012-09-21 19:24:41 ----D---- C:\Windows\SYSWOW64\migration
2012-09-21 19:24:41 ----D---- C:\Windows\system32\migration
2012-09-21 19:24:41 ----D---- C:\Program Files\Internet Explorer
2012-09-21 19:24:41 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-20 22:34:04 ----D---- C:\ProgramData\Origin
2012-09-20 22:33:45 ----D---- C:\Program Files (x86)\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-12-12 82048]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-12-12 42624]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-01-11 115824]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 31232]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2011-12-13 56448]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1100320]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-04-25 52736]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-28 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSAudioService;DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-06-30 76888]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2011-12-15 14848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-06 100864]
-----------------EOF-----------------
Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze 
Stahnete OTL