Prosím o kontrolu logu

[travat]

Dobrý den, po dlouhé době (cca rok a půl) jsem spustil pc, kde hned nastala aktualizace avastu, následně pc nechtělo komunikovat, nechtělo spustit skoro nic, tak jsem v nouzovém režimu avast i s google chrome odinstaloval, dal tam aviru a pc běží. Nicméně bych Vás rád požádal o odbornou kontrolu logu, pc se pomalu vypíná.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-10-30 10:55:35
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2
System drive C: has 17 GB (11%) free of 153 GB
Total RAM: 2815 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:42, on 30.10.2012
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\MPICH\mpd\bin\mpd.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [VIAJDS] "C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABUNINSTALLEX] c:\documents and settings\all users\application data\ab studio\ABUnInstallEx.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: AbSoftMgr4 - AB Studio - C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPICH Daemon (C) 2001 Argonne National Lab (mpich_mpd) - Unknown owner - C:\Program Files (x86)\MPICH\mpd\bin\mpd.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7915 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
Ati2evxx.exe -Client
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe"
C:\WINDOWS\System32\svchost.exe -k WinErr
"C:\Program Files (x86)\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
"C:\Program Files (x86)\MPICH\mpd\bin\mpd.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe"
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files\PeerGuardian2\pg2.exe"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_0000045c
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min /NOSPLASH /SETUPSTART
"C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" /o /eo /l
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2992.5c8cd30.783002235 "C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll" - -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 2992 "\\.\pipe\gecko-crash-server-pipe.2992" plugin
"C:\Documents and Settings\Administrator\Desktop\viry\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1776293813-1955127786-1730301673-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1776293813-1955127786-1730301673-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-27 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-27 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-10-27 79856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2005-03-25 20992]
"PowerBar"= []
"OEXPRESS"= []
"ABUNINSTALLEX"=c:\documents and settings\all users\application data\ab studio\ABUnInstallEx.exe [2007-07-03 263664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]
"VIAJDS"=C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe [2009-02-12 463872]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2012-10-30 384800]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PeerGuardian.lnk - C:\Program Files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-04 262656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 154112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\CD-adapco\STAR-CCM+ 4.04.011\starccmw.exe"="C:\Program Files (x86)\CD-adapco\STAR-CCM+ 4.04.011\starccmw.exe:*:Enabled:starccmw"
"C:\Program Files (x86)\CD-adapco\STAR-CCM+ 4.04.011\win32\intel10.1\star-ccm+.exe"="C:\Program Files (x86)\CD-adapco\STAR-CCM+ 4.04.011\win32\intel10.1\star-ccm+.exe:*:Enabled:star-ccm+"
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"="C:\Program Files (x86)\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\KN_StrongDC\StrongDC.exe"="C:\Program Files\KN_StrongDC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files (x86)\Valve\hl.exe"="C:\Program Files (x86)\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files (x86)\ICQ6.5\ICQ.exe"="C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files (x86)\CD-adapco\STAR-CCM+ 4.04.011\starccm+.exe"="C:\Program Files (x86)\CD-adapco\STAR-CCM+ 4.04.011\starccm+.exe:*:Enabled:starccm+"
"C:\Program Files (x86)\EA SPORTS\F1 Challenge 2007\F1Challenge2007.exe"="C:\Program Files (x86)\EA SPORTS\F1 Challenge 2007\F1Challenge2007.exe:*:Enabled:F1 Challenge 99-02"
"C:\Program Files (x86)\Nerd Riot Games\Tennis Critters\TennisCritters.exe"="C:\Program Files (x86)\Nerd Riot Games\Tennis Critters\TennisCritters.exe:*:Enabled:TennisCritters"
"C:\Program Files (x86)\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe"="C:\Program Files (x86)\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe:*:Enabled:il2fb"
"C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe"="C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files (x86)\ICQ7.2\ICQ.exe"="C:\Program Files (x86)\ICQ7.2\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files (x86)\ICQ7.5\ICQ.exe"="C:\Program Files (x86)\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files (x86)\ICQ7.4\ICQ.exe"="C:\Program Files (x86)\ICQ7.4\ICQ.exe:*:Enabled:ICQ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\ICQ7.5\ICQ.exe"="C:\Program Files (x86)\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-10-30 00:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2012-10-30 00:19:47 ----A---- C:\WINDOWS\system32\drivers\AtihdXP6.sys
2012-10-30 00:18:33 ----A---- C:\WINDOWS\SYSWOW64\atipdlxx.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ativvamv.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\atiokax2.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\atikvmag.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ati3duag.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2012-10-30 00:18:33 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2012-10-30 00:18:08 ----D---- C:\Program Files\ATI
2012-10-30 00:17:06 ----D---- C:\Program Files\ATI Technologies
2012-10-30 00:15:42 ----D---- C:\AMD
2012-10-29 16:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-10-29 16:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-10-29 15:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-10-29 15:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-10-29 15:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-10-29 15:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-10-29 15:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2012-10-29 15:50:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-10-29 15:50:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2012-10-29 15:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-10-29 15:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2012-10-29 15:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-10-29 15:49:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2012-10-29 15:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2731847-v2$
2012-10-29 15:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-10-29 15:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-10-29 15:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-10-29 15:40:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-10-29 15:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-10-29 15:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2644615$
2012-10-29 15:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-10-29 15:28:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-10-29 15:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2638806$
2012-10-29 15:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2012-10-29 15:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2645640$
2012-10-29 15:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-10-29 15:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-10-29 15:14:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2012-10-29 15:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-10-29 15:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2012-10-29 15:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-10-29 15:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-10-29 15:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-10-29 15:10:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-10-29 15:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254$
2012-10-27 22:15:13 ----A---- C:\WINDOWS\SYSWOW64\npdeployJava1.dll
2012-10-27 22:15:13 ----A---- C:\WINDOWS\SYSWOW64\javaws.exe
2012-10-27 22:15:13 ----A---- C:\WINDOWS\SYSWOW64\javaw.exe
2012-10-27 22:15:13 ----A---- C:\WINDOWS\SYSWOW64\java.exe
2012-10-27 21:17:25 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2012-10-27 21:00:32 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2012-10-27 21:00:28 ----D---- C:\WINDOWS\system32\Macromed
2012-10-27 20:07:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Avira
2012-10-27 20:03:06 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-10-27 20:03:06 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2012-10-27 20:03:06 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-10-27 20:03:05 ----D---- C:\Program Files (x86)\Avira
2012-10-27 20:03:05 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2012-10-27 19:29:10 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2012-10-27 19:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2012-10-27 19:26:39 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-27 19:26:39 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla
2012-10-27 18:55:13 ----D---- C:\Program Files\AVAST Software
2012-10-27 18:55:13 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-10-27 10:43:17 ----D---- C:\rsit
2012-10-27 10:43:17 ----D---- C:\Program Files\trend micro
2012-10-25 13:19:15 ----A---- C:\Program Files (x86)\GUTA.tmp
2012-10-25 08:10:45 ----A---- C:\Program Files (x86)\GUT9.tmp
2012-10-25 07:39:44 ----A---- C:\WINDOWS\system32\drivers\rt2870.sys
2012-10-25 07:39:41 ----A---- C:\WINDOWS\SYSWOW64\RaCoInst.dat
2012-10-25 07:39:41 ----A---- C:\WINDOWS\system32\RaCoInst.dat
2012-10-25 07:39:40 ----D---- C:\Documents and Settings\All Users\Application Data\TP-LINK Driver

======List of files/folders modified in the last 1 month======

2012-10-30 10:55:42 ----D---- C:\Program Files\PeerGuardian2
2012-10-30 10:55:41 ----D---- C:\WINDOWS\Temp
2012-10-30 10:55:41 ----D---- C:\WINDOWS\Prefetch
2012-10-30 10:52:53 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-30 10:29:35 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-30 10:28:08 ----SHD---- C:\WINDOWS\Installer
2012-10-30 10:23:41 ----D---- C:\WINDOWS\system32
2012-10-30 10:23:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-10-30 10:17:22 ----D---- C:\WINDOWS
2012-10-30 00:38:41 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2012-10-30 00:29:44 ----HD---- C:\WINDOWS\inf
2012-10-30 00:27:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-10-30 00:21:36 ----D---- C:\Program Files (x86)\ATI Technologies
2012-10-30 00:21:03 ----RSD---- C:\WINDOWS\assembly
2012-10-30 00:21:03 ----D---- C:\WINDOWS\SysWOW64
2012-10-30 00:21:02 ----D---- C:\WINDOWS\WinSxS
2012-10-30 00:19:52 ----D---- C:\WINDOWS\system32\drivers
2012-10-30 00:19:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-10-30 00:19:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-10-30 00:18:08 ----RD---- C:\Program Files
2012-10-29 23:12:28 ----D---- C:\WINDOWS\Debug
2012-10-29 18:17:47 ----D---- C:\WINDOWS\Microsoft.NET
2012-10-29 16:12:04 ----D---- C:\Program Files (x86)\Microsoft Office
2012-10-29 16:04:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-10-29 16:00:06 ----HD---- C:\WINDOWS\$hf_mig$
2012-10-29 15:50:28 ----D---- C:\WINDOWS\ie8updates
2012-10-29 15:48:09 ----AC---- C:\WINDOWS\SYSWOW64\PerfStringBackup.INI
2012-10-29 15:41:56 ----D---- C:\WINDOWS\SYSWOW64\XPSViewer
2012-10-29 15:32:56 ----A---- C:\WINDOWS\win.ini
2012-10-29 15:12:36 ----D---- C:\Program Files (x86)\Internet Explorer
2012-10-29 15:12:35 ----D---- C:\Program Files\Internet Explorer
2012-10-29 14:45:55 ----D---- C:\Program Files (x86)\Common Files
2012-10-27 22:15:02 ----A---- C:\WINDOWS\SYSWOW64\deployJava1.dll
2012-10-27 22:14:57 ----D---- C:\Program Files (x86)\Java
2012-10-27 21:12:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-10-27 21:12:53 ----D---- C:\Program Files (x86)
2012-10-27 21:00:48 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-10-27 20:46:58 ----SHD---- C:\System Volume Information
2012-10-27 20:07:31 ----D---- C:\WINDOWS\system32\CatRoot
2012-10-27 19:57:10 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-27 19:55:14 ----D---- C:\WINDOWS\SYSWOW64\Drivers
2012-10-27 19:52:51 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2012-10-27 19:51:29 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-27 19:51:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-10-27 19:24:57 ----D---- C:\WINDOWS\SoftwareDistribution
2012-10-27 18:55:59 ----SD---- C:\WINDOWS\Tasks
2012-10-27 18:20:48 ----D---- C:\WINDOWS\pss
2012-10-27 15:01:18 ----D---- C:\WINDOWS\Help
2012-10-27 12:16:57 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2012-10-25 13:34:33 ----D---- C:\Program Files (x86)\Winamp
2012-10-25 13:34:25 ----D---- C:\WINDOWS\Minidump
2012-10-25 07:41:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-10-25 07:39:40 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-10-23 11:17:13 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2005-03-24 19968]
R0 nvata64;nvata64; C:\WINDOWS\system32\DRIVERS\nvata64.sys [2006-04-24 164864]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2009-04-28 55024]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 69120]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 7168]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 15872]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-12-06 45056]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-03-24 67584]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 89600]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-10-07 868848]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 57344]
R1 AsIO;AsIO; C:\WINDOWS\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-10-30 129216]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-12-18 211456]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-09-13 99248]
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [2005-03-25 13312]
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [2005-03-25 13312]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO64.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-12-18 35328]
R3 AmdTools64;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools64.sys [2006-06-27 47616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-04 9291264]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP6.sys [2012-05-14 151168]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 37896]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 37384]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-10 33344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-13 239616]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-03-25 18944]
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [2007-02-16 24192]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1854976]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-03-24 19456]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-01-21 8192]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2005-03-25 11776]
R3 rt2870;TP-LINK Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2010-06-25 1087328]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-02-16 1193984]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-02-16 24576]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys []
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys []
S3 ajfqjnrp;ajfqjnrp; C:\WINDOWS\system32\drivers\ajfqjnrp.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 128000]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 47368]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 DrvAgent64;DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 128000]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 75776]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 29696]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtenic64.sys [2009-01-22 143872]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-02-17 42752]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-02-17 29696]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-02-17 27648]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 48128]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2005-03-24 33792]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D64.sys [2005-09-27 19968]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 95744]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 108032]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-16 25600]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-30 108320]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-30 84256]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-04 923648]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre6\bin\jqs.exe [2012-10-27 153584]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2005-09-29 322120]
R2 mpich_mpd;MPICH Daemon (C) 2001 Argonne National Lab; C:\Program Files (x86)\MPICH\mpd\bin\mpd.exe [2003-02-02 184320]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 Start BT in service;Start BT in service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2saag.exe [2009-09-25 665088]
S3 AbSoftMgr4;AbSoftMgr4; C:\Program Files\Common Files\AB Studio Shared\AbSoftMgr4.exe [2009-11-24 1045504]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-03-12 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 129976]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-09-29 89136]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-18 613376]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-16 25600]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-02-16 25600]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Po dohode s kolegou tema prebiram

Mate nejaky problem s intalaci ServicePacku 3? resi mnoho problemu a chyb...

[travat]

Zdravím a pozdravuji

Pro 64bit verzi win xp asi SP3 není k dispozici co jsem dohledal na stránkách MS, ale aktualizace budou nadále chodit jako uživatelům s SP3.

[vyosek]

Diky za info, ono XP x64 bit zrovna moc nejsou tradicni

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Search
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

[travat]

To ano nejsou

Po prvním spuštění Rogue mi hodil error, tak jsem ho spustil znovu a ok.

ADW

# AdwCleaner v2.006 - Logfile created 10/30/2012 at 23:25:39
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (64 bits)
# User : Administrator - A02-0732A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\ICQToolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (cs)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhtvkw93.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [981 octets] - [30/10/2012 23:25:39]

########## EOF - C:\AdwCleaner[R1].txt - [1040 octets] ##########



RK


RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 10/30/2012 23:30:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ABUNINSTALLEX (c:\documents and settings\all users\application data\ab studio\ABUnInstallEx.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1776293813-1955127786-1730301673-500[...]\Run : ABUNINSTALLEX (c:\documents and settings\all users\application data\ab studio\ABUnInstallEx.exe) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-60MHB5 +++++
--- User ---
[MBR] 6c8a738cd9485bc1804d9625b9f4a177
[BSP] 96f67f40b3a853b2784376b13c58bf13 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

[vyosek]

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Delete
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

[travat]

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 10/31/2012 10:30:48

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ABUNINSTALLEX (c:\documents and settings\all users\application data\ab studio\ABUnInstallEx.exe) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-60MHB5 +++++
--- User ---
[MBR] 6c8a738cd9485bc1804d9625b9f4a177
[BSP] 96f67f40b3a853b2784376b13c58bf13 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[travat]

# AdwCleaner v2.006 - Logfile created 10/31/2012 at 10:34:42
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (64 bits)
# User : Administrator - A02-0732A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\ICQToolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (cs)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rhtvkw93.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1109 octets] - [30/10/2012 23:25:39]
AdwCleaner[S1].txt - [1045 octets] - [31/10/2012 10:34:42]

########## EOF - C:\AdwCleaner[S1].txt - [1105 octets] ##########

[vyosek]

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

• Ulozte nejlepe na Plochu
• U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
• Kliknete na Scan
• Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

[travat]

Farbar Service Scanner Version: 27-10-2012
Ran by Administrator (administrator) on 31-10-2012 at 11:09:56
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\SysWOW64\dhcpcsvc.dll
[2005-03-25 13:00] - [2007-02-18 10:05] - 0117248 ____A (Microsoft Corporation) 1201DF9A11FBB0F69EBD22E503D3BC87


ATTENTION!=====> C:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\SysWOW64\ipnathlp.dll
[2005-03-25 13:00] - [2007-02-18 10:05] - 0343552 ____A (Microsoft Corporation) 27C6B8C2AFED21C10429A56DB95735F6

C:\WINDOWS\SysWOW64\netman.dll
[2005-03-25 13:00] - [2007-02-18 10:05] - 0263680 ____A (Microsoft Corporation) 12BCFB57162AD17CEA545E362CD886A8


ATTENTION!=====> C:\WINDOWS\SysWOW64\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\SysWOW64\srsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\sr.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\SysWOW64\wuauserv.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\es.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\cryptsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\SysWOW64\services.exe FILE IS MISSING AND SHOULD BE RESTORED.


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000010000100600000007000000
IpSec Tag value is correct.

**** End of log ****

[vyosek]

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook_x64.exe a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :filefind
  afd.sys
  netbt.sys
  tcpip.sys
  ipsec.sys
  dnsrslvr.dll
  WMIsvc.dll
  srsvc.dll
  sr.sys
  wscsvc.dll
  WMIsvc.dl
  wuauserv.dll
  qmgr.dll
  es.dll
  cryptsvc.dll
  svchost.exe
  rpcss.dll
  services.exe

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[travat]

SystemLook 30.07.11 by jpshortstuff
Log created at 11:43 on 31/10/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP2QFE\afd.sys --a---- 292352 bytes [14:20 11/02/2011] [14:20 11/02/2011] 7114E979B0C5D57E924AC7FB4EEC5387
C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\afd.sys --a---- 292352 bytes [10:47 03/03/2011] [10:47 03/03/2011] 1A461996EE240C9CEF90C4C31622B9EF
C:\WINDOWS\$hf_mig$\KB2645640\SP2QFE\afd.sys --a---- 292352 bytes [16:15 28/12/2011] [16:15 28/12/2011] E01A5EFA2ADA5F3ACFE877DCA449D34D
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys --a---- 292352 bytes [00:29 21/06/2008] [00:29 21/06/2008] 2DB76C2B6B1F1E8EADEF984668B05E64
C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys --a---- 292352 bytes [19:31 14/08/2008] [19:31 14/08/2008] 475C76DAA5857F2DE7077FC1E10C1236
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 298496 bytes [17:50 23/09/2007] [12:00 25/03/2005] DFEB26B3E81EE1F3118930B687F24F19
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 291840 bytes [09:50 15/06/2011] [10:50 03/03/2011] 9999B88C18ADB200C14C9FBF0CE95D01
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 291840 bytes [01:13 19/04/2011] [19:36 14/08/2008] 2659B6C19FCFFFD240831FC7CADD68CE
C:\WINDOWS\$NtUninstallKB2645640$\afd.sys -----c- 291840 bytes [14:21 29/10/2012] [14:23 11/02/2011] 2B61D15CBBCB45057304307C4A541C19
C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 291840 bytes [18:55 16/09/2008] [22:03 16/02/2007] F0E008AC59FAA5ECD22C8891B3300378
C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 291840 bytes [16:10 15/10/2008] [13:07 21/06/2008] 96E895B4F9ADEAF12C4787C10D7B44D0
C:\WINDOWS\ServicePackFiles\amd64\afd.sys ------- 291840 bytes [17:56 23/09/2007] [22:03 16/02/2007] F0E008AC59FAA5ECD22C8891B3300378
C:\WINDOWS\SoftwareDistribution\Download\950717433edf1c1446c801012ce25bd2\SP2GDR\afd.sys --a---- 291840 bytes [16:19 28/12/2011] [16:19 28/12/2011] 886C37D055020D0D02C35AC5B84E76AB
C:\WINDOWS\SoftwareDistribution\Download\950717433edf1c1446c801012ce25bd2\SP2QFE\afd.sys --a---- 292352 bytes [16:15 28/12/2011] [16:15 28/12/2011] E01A5EFA2ADA5F3ACFE877DCA449D34D
C:\WINDOWS\system32\dllcache\afd.sys -----c- 291840 bytes [13:07 21/06/2008] [16:19 28/12/2011] 886C37D055020D0D02C35AC5B84E76AB
C:\WINDOWS\system32\drivers\afd.sys --a---- 291840 bytes [12:00 25/03/2005] [16:19 28/12/2011] 886C37D055020D0D02C35AC5B84E76AB

Searching for "netbt.sys"
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 378880 bytes [17:50 23/09/2007] [12:00 25/03/2005] 20038B0D440262B3C69F75245ADDA133
C:\WINDOWS\ServicePackFiles\amd64\netbt.sys ------- 347136 bytes [17:56 23/09/2007] [22:40 16/02/2007] FEDAAFB6CD700B9E0787C94D81C07DB5
C:\WINDOWS\system32\drivers\netbt.sys --a---- 347136 bytes [12:00 25/03/2005] [22:40 16/02/2007] FEDAAFB6CD700B9E0787C94D81C07DB5

Searching for "tcpip.sys"
C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\tcpip.sys --a---- 784896 bytes [10:47 03/03/2011] [10:47 03/03/2011] CE9A7AC526636585A126FACE243F4574
C:\WINDOWS\$hf_mig$\KB917953\SP1QFE\tcpip.sys --a--c- 812544 bytes [12:34 24/05/2006] [12:34 24/05/2006] B2C87ED1ED6E19E907C066396E54AE06
C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys --a---- 767488 bytes [02:43 31/10/2007] [02:43 31/10/2007] 0A11782DF1DEC17E316F00CE04C64476
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys --a---- 784896 bytes [00:29 21/06/2008] [00:29 21/06/2008] CE9A7AC526636585A126FACE243F4574
C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys -----c- 703488 bytes [17:50 23/09/2007] [12:38 24/05/2006] 1C3F3DAAE8653BE3BE4E1EADCB23B051
C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys -----c- 702976 bytes [02:02 30/10/2006] [12:00 25/03/2005] 3DBCA4D2398F3336FA78D534DD751764
C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys -----c- 768000 bytes [12:21 09/01/2008] [22:59 16/02/2007] C013E7F14FD378A16F5B7A4B5A7050E9
C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys -----c- 767488 bytes [18:55 16/09/2008] [03:04 31/10/2007] 32256FE01BBA574D5E9EF85F83ABCE5E
C:\WINDOWS\ServicePackFiles\amd64\tcpip.sys ------- 768000 bytes [17:56 23/09/2007] [22:59 16/02/2007] C013E7F14FD378A16F5B7A4B5A7050E9
C:\WINDOWS\system32\dllcache\tcpip.sys --a--c- 768512 bytes [13:07 21/06/2008] [13:07 21/06/2008] 34D970B38E9E835009E1AD07C5422B58
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 768512 bytes [12:00 25/03/2005] [13:07 21/06/2008] 34D970B38E9E835009E1AD07C5422B58

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 154624 bytes [17:50 23/09/2007] [12:00 25/03/2005] A348CD2C81103E40E41A242A04025F2C
C:\WINDOWS\ServicePackFiles\amd64\ipsec.sys ------- 156672 bytes [17:55 23/09/2007] [22:31 16/02/2007] DB841EC6F027C780002EF47AABFDDF86
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 156672 bytes [12:00 25/03/2005] [22:31 16/02/2007] DB841EC6F027C780002EF47AABFDDF86

Searching for "dnsrslvr.dll"
C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\dnsrslvr.dll --a---- 79360 bytes [10:47 03/03/2011] [10:47 03/03/2011] 07A7E1E330E1FB4453FF05FEB1A84924
C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll --a---- 79360 bytes [00:59 19/02/2008] [00:59 19/02/2008] CB99877122D9320F90472BC2A1E224DB
C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll -----c- 79872 bytes [17:51 23/09/2007] [12:00 25/03/2005] 113204FEA282F6F372FA41D48B5095AA
C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll -----c- 79360 bytes [01:13 19/04/2011] [01:30 19/02/2008] C8712D03512591BACD69A9B026FB905C
C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll -----c- 80384 bytes [01:02 10/04/2008] [22:17 16/02/2007] 551D4D8CEB91D5B5066222A16C747609
C:\WINDOWS\ServicePackFiles\amd64\dnsrslvr.dll ------- 80384 bytes [17:55 23/09/2007] [22:17 16/02/2007] 551D4D8CEB91D5B5066222A16C747609
C:\WINDOWS\system32\dnsrslvr.dll --a---- 79360 bytes [10:50 03/03/2011] [10:50 03/03/2011] 19C1612C4F5D828935D2270C7AF13E6E
C:\WINDOWS\system32\dllcache\dnsrslvr.dll --a--c- 79360 bytes [10:50 03/03/2011] [10:50 03/03/2011] 19C1612C4F5D828935D2270C7AF13E6E
C:\WINDOWS\SysWOW64\dnsrslvr.dll --a---- 45568 bytes [12:00 25/03/2005] [10:50 03/03/2011] E927F3B46F85D934C8F420FE08593D1B

Searching for "WMIsvc.dll"
C:\WINDOWS\$NtServicePackUninstall$\wmisvc.dll -----c- 232448 bytes [17:51 23/09/2007] [12:00 25/03/2005] 3E0D63934B1E86D1F3544FC0110D9914
C:\WINDOWS\ServicePackFiles\amd64\wmisvc.dll ------- 232960 bytes [17:56 23/09/2007] [23:03 16/02/2007] 881271D649E778690A365D73B8958509
C:\WINDOWS\system32\wbem\wmisvc.dll --a---- 232960 bytes [17:55 23/09/2007] [23:03 16/02/2007] 881271D649E778690A365D73B8958509

Searching for "srsvc.dll"
C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll -----c- 231424 bytes [17:52 23/09/2007] [12:00 25/03/2005] 10E36DCEC537563E1EB0CAABD2E6C16B
C:\WINDOWS\ServicePackFiles\amd64\srsvc.dll ------- 231424 bytes [17:56 23/09/2007] [22:56 16/02/2007] 7B6DA719973755BD091131E53AD6EC23
C:\WINDOWS\system32\srsvc.dll --a---- 231424 bytes [17:55 23/09/2007] [22:56 16/02/2007] 7B6DA719973755BD091131E53AD6EC23

Searching for "sr.sys"
C:\WINDOWS\system32\dllcache\sr.sys --a--c- 123904 bytes [13:33 26/10/2006] [12:00 25/03/2005] DAE1D5553D42A06034001D6EF4F5CB36
C:\WINDOWS\system32\drivers\sr.sys --a--c- 123904 bytes [13:33 26/10/2006] [12:00 25/03/2005] DAE1D5553D42A06034001D6EF4F5CB36

Searching for "wscsvc.dll"
C:\WINDOWS\$NtServicePackUninstall$\wscsvc.dll -----c- 74752 bytes [17:52 23/09/2007] [12:00 25/03/2005] CB62F189585F180EE5E10EEF1EEE1FAB
C:\WINDOWS\ServicePackFiles\amd64\wscsvc.dll ------- 74752 bytes [17:56 23/09/2007] [23:04 16/02/2007] 82960CE97C1898C28D7AE62BA6721D27
C:\WINDOWS\system32\wscsvc.dll --a---- 74752 bytes [17:55 23/09/2007] [23:04 16/02/2007] 82960CE97C1898C28D7AE62BA6721D27

Searching for "WMIsvc.dl"
No files found.

Searching for "wuauserv.dll"
C:\WINDOWS\system32\wuauserv.dll --a---- 12288 bytes [13:33 26/10/2006] [12:00 25/03/2005] EF7576AF44B484F7A3E6072D633BAB34
C:\WINDOWS\system32\dllcache\wuauserv.dll --a--c- 12288 bytes [13:33 26/10/2006] [12:00 25/03/2005] EF7576AF44B484F7A3E6072D633BAB34

Searching for "qmgr.dll"
C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll -----c- 707072 bytes [17:50 23/09/2007] [12:00 25/03/2005] 049B94073E8BC3EA91D0CE96C9FFC077
C:\WINDOWS\ServicePackFiles\amd64\qmgr.dll ------- 706560 bytes [17:56 23/09/2007] [22:50 16/02/2007] 749C15323919984A6E08BAD427D89936
C:\WINDOWS\system32\qmgr.dll --a---- 706560 bytes [17:54 23/09/2007] [22:50 16/02/2007] 749C15323919984A6E08BAD427D89936

Searching for "es.dll"
C:\WINDOWS\$hf_mig$\KB902400\SP1QFE\es.dll --a--c- 365568 bytes [15:47 26/08/2005] [15:47 26/08/2005] 8ACEE7A144A80E54A85216FDCFAB8DB6
C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll --a---- 377856 bytes [02:29 30/04/2008] [02:29 30/04/2008] C1C9E77AB6F921CB744B40C390D8466B
C:\WINDOWS\$NtServicePackUninstall$\es.dll -----c- 365568 bytes [17:51 23/09/2007] [15:43 26/08/2005] 2C4E76523E4257AAE7542C292A070946
C:\WINDOWS\$NtUninstallKB902400$\es.dll -----c- 365568 bytes [17:50 30/10/2006] [12:00 25/03/2005] E618ECC912689FB0C04CE5497C80E6F4
C:\WINDOWS\$NtUninstallKB950974$\es.dll -----c- 365568 bytes [18:56 16/09/2008] [22:18 16/02/2007] 3CDFF4AB6CF70B9C687A7BD0517283DA
C:\WINDOWS\ServicePackFiles\amd64\es.dll ------- 365568 bytes [17:56 23/09/2007] [22:18 16/02/2007] 3CDFF4AB6CF70B9C687A7BD0517283DA
C:\WINDOWS\system32\es.dll --a---- 377856 bytes [02:49 30/04/2008] [02:49 30/04/2008] CDEF30A1DCFFCAF6A4E8B7812AE79C95
C:\WINDOWS\system32\dllcache\es.dll --a--c- 377856 bytes [02:49 30/04/2008] [02:49 30/04/2008] CDEF30A1DCFFCAF6A4E8B7812AE79C95
C:\WINDOWS\SysWOW64\es.dll --a---- 247296 bytes [12:00 25/03/2005] [02:49 30/04/2008] C17C56E91045E14DF45D62DD89AED50C

Searching for "cryptsvc.dll"
C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll -----c- 116736 bytes [17:51 23/09/2007] [12:00 25/03/2005] 63602CF83C8DD9CCD87B3A796C723710
C:\WINDOWS\ServicePackFiles\amd64\cryptsvc.dll ------- 116736 bytes [17:56 23/09/2007] [22:09 16/02/2007] 8B0B3744C60936ACAE31012799DB3982
C:\WINDOWS\system32\cryptsvc.dll --a---- 116736 bytes [17:54 23/09/2007] [22:09 16/02/2007] 8B0B3744C60936ACAE31012799DB3982
C:\WINDOWS\SysWOW64\cryptsvc.dll --a---- 56320 bytes [12:00 25/03/2005] [09:05 18/02/2007] FEB85DA744DD3F41A427CF6D2BC04FE4

Searching for "svchost.exe"
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c- 25088 bytes [17:50 23/09/2007] [12:00 25/03/2005] BDDFEB952617080316692951215793E9
C:\WINDOWS\ServicePackFiles\amd64\svchost.exe ------- 25600 bytes [17:56 23/09/2007] [22:59 16/02/2007] 46300880A5062A41C16DF5E3E836A6C9
C:\WINDOWS\system32\svchost.exe --a---- 25600 bytes [17:54 23/09/2007] [22:59 16/02/2007] 46300880A5062A41C16DF5E3E836A6C9
C:\WINDOWS\SysWOW64\svchost.exe --a---- 14848 bytes [12:00 25/03/2005] [09:05 18/02/2007] C09CCFE81DEC9B162533D7184D705682

Searching for "rpcss.dll"
C:\WINDOWS\$hf_mig$\KB902400\SP1QFE\rpcss.dll --a--c- 692224 bytes [15:47 26/08/2005] [15:47 26/08/2005] 4F41285F4A9B2EE319C8EAA1338517B3
C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\rpcss.dll --a---- 845824 bytes [17:42 19/03/2009] [17:42 19/03/2009] 303F3A093D6C5C221BC0980C75024A65
C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll -----c- 691200 bytes [17:50 23/09/2007] [15:43 26/08/2005] BB2DC24A6245FADA2D5D9A52D4CA3200
C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll -----c- 688128 bytes [17:50 30/10/2006] [12:00 25/03/2005] 33FFAB5CFBD19BE197DEB88ADED930CB
C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll -----c- 838656 bytes [06:37 16/04/2009] [22:51 16/02/2007] 8830EF3E7DDB479F00113A5B59B6F601
C:\WINDOWS\ServicePackFiles\amd64\rpcss.dll ------- 838656 bytes [17:56 23/09/2007] [22:51 16/02/2007] 8830EF3E7DDB479F00113A5B59B6F601
C:\WINDOWS\system32\rpcss.dll --a---- 845312 bytes [17:51 19/03/2009] [17:51 19/03/2009] A6130365606F3D6332B014FC3DA931AA
C:\WINDOWS\system32\dllcache\rpcss.dll --a--c- 845312 bytes [17:51 19/03/2009] [17:51 19/03/2009] A6130365606F3D6332B014FC3DA931AA

Searching for "services.exe"
C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe --a---- 227840 bytes [17:42 19/03/2009] [17:42 19/03/2009] 5BC6B0FFA0EB95A02F63D5BCAD39127B
C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 221696 bytes [17:50 23/09/2007] [12:00 25/03/2005] 250C256374AB397492ED71AEFCF17436
C:\WINDOWS\$NtUninstallKB956572$\services.exe -----c- 224256 bytes [06:37 16/04/2009] [22:54 16/02/2007] D255E0DDB63A6223BFD8057266380017
C:\WINDOWS\ServicePackFiles\amd64\services.exe ------- 224256 bytes [17:56 23/09/2007] [22:54 16/02/2007] D255E0DDB63A6223BFD8057266380017
C:\WINDOWS\system32\services.exe --a---- 227840 bytes [12:00 25/03/2005] [17:51 19/03/2009] 1E07EE3F50DFF2FE9B0A9D196E82698F
C:\WINDOWS\system32\dllcache\services.exe -----c- 227840 bytes [17:51 19/03/2009] [17:51 19/03/2009] 1E07EE3F50DFF2FE9B0A9D196E82698F

-= EOF =-

[vyosek]

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[travat]

Bohužel pod těmito Windows nejde ComboFix spustit

[vyosek]

A jo, XP 64bit

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku