VIRY.CZ

Kamarat mi dal NB aby som ho skontroloval tak by som vas chcel poprosit o kontrolu logu
Dakujem

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:00, on 9. 12. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\T-Mobile Communication Center\TMCC.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ECCenter.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\Tosbtpcs.exe
C:\Users\Fric\Documents\Bluetooth\SharedFolder\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: runctf.lnk = C:\Windows\System32\rundll32.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: T-Mobile Communication Center.lnk = C:\Program Files\T-Mobile Communication Center\TMCC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6450 bytes

Zdravim

Uz nejakou dobu pouzivame RSIT a ne jen HJT

Dejte oba logy z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

info.txt logfile of random's system information tool 1.09 2012-12-09 13:54:34

======Uninstall list======

Adobe Flash Player 11 Plugin-->C:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->C:\windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 9.1 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A91000000001}
ArcSoft Magic-i Visual Effects 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E90189A-A5D4-4C0E-A908-06C4236F98EE}\Setup.exe" -l0x9
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Brochures & Flyers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1Brochure
ArcSoft Print Creations - Funhouse II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1HouseFun
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Photo Prints-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1PhotoPrint
ArcSoft Print Creations - Poster Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1Poster
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D7039E-0803-4FE8-976D-156DE1147E4F}\Setup.exe" -l0x9
ArcSoft WebCam Companion 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25478065-4CB1-448C-80E4-8C4529017EE3}\Setup.exe" -l0x9
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
BurnRecovery-->MsiExec.exe /I{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
ENE CIR Receiver Driver-->C:\PROGRA~1\DIFX\37C35FE1F6CAE763\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\enecir.inf_x86_neutral_f5318ad1aa7c7878\enecir.inf
JMicron Flash Media Controller Driver-->"C:\Program Files\JMicron\JMCR_DIR\setup.exe" delpkg
LSI HDA Modem-->C:\windows\agrsmdel
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox 12.0 (x86 sk)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSI Software Install-->MsiExec.exe /I{07690F1C-04B1-4060-9691-6748ED1826B9}
NVIDIA Drivers-->C:\windows\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
Opera 11.61-->"C:\Program Files\Opera\Opera.exe" /uninstall
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
System Control Manager-->C:\Program Files\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 -removeonly
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
T-Mobile Communication Center 3.57.95.14-->"C:\Program Files\T-Mobile Communication Center\unins000.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe

======System event log======

Computer Name: Fric-msi
Event Code: 1014
Message: Name resolution for the name isatap.Belkin timed out after none of the configured DNS servers responded.
Record Number: 10404
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111211120611.504007-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Fric-msi
Event Code: 1014
Message: Name resolution for the name isatap.Belkin timed out after none of the configured DNS servers responded.
Record Number: 10399
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111211120100.160199-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Fric-msi
Event Code: 1014
Message: Name resolution for the name isatap.Belkin timed out after none of the configured DNS servers responded.
Record Number: 10389
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111211115853.350946-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Fric-msi
Event Code: 1014
Message: Name resolution for the name picasaweb.google.sk timed out after none of the configured DNS servers responded.
Record Number: 10379
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111211115620.686536-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Fric-msi
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{E9E5B64E-8B1A-45A2-8B80-D984A55BE806} because another computer on the network has the same name. The server could not start.
Record Number: 10377
Source Name: Server
Time Written: 20111211115600.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Fric-msi
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1628342005-742461046-969873601-1000:
Process 512 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1628342005-742461046-969873601-1000

Record Number: 833
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20111113221517.867073-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Fric-msi
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 791
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20111113215554.497037-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Fric-msi
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 789
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20111113215554.341037-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Fric-msi
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 774
Source Name: Microsoft-Windows-Search
Time Written: 20111113215258.000000-000
Event Type: Warning
User:

Computer Name: Fric-msi
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 756
Source Name: Microsoft-Windows-Search
Time Written: 20111113214913.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: WIN-A20DA6KK53P
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-A20DA6KK53P$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x20c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 306
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119195040.622000-000
Event Type: Audit Success
User:

Computer Name: WIN-A20DA6KK53P
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 305
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119195037.626800-000
Event Type: Audit Success
User:

Computer Name: WIN-A20DA6KK53P
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-A20DA6KK53P$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x20c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119195037.626800-000
Event Type: Audit Success
User:

Computer Name: WIN-A20DA6KK53P
Event Code: 4738
Message: A user account was changed.

Subject:
Security ID: S-1-5-21-3813950322-2590592510-2443954032-500
Account Name: Administrator
Account Domain: WIN-A20DA6KK53P
Logon ID: 0x2b194

Target Account:
Security ID: S-1-5-21-3813950322-2590592510-2443954032-500
Account Name: Administrator
Account Domain: WIN-A20DA6KK53P

Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: 0x211
New UAC Value: 0x211
User Account Control: -
User Parameters: -
SID History: -
Logon Hours: -

Additional Information:
Privileges: -
Record Number: 303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091119195027.003200-000
Event Type: Audit Success
User:

Computer Name: WIN-A20DA6KK53P
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3813950322-2590592510-2443954032-500
Account Name: Administrator
Domain Name: WIN-A20DA6KK53P
Logon ID: 0x2b194
Record Number: 302
Source Name: Microsoft-Windows-Eventlog
Time Written: 20091119195026.348000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"configsetroot"=%SystemRoot%\ConfigSetRoot

-----------------EOF-----------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by Fric at 2012-12-09 13:54:31
Microsoft Windows 7 Home Premium
System drive C: has 30 GB (49%) free of 61 GB
Total RAM: 3071 MB (75% free)

HijackThis download failed

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\YourFile DownloaderUpdate.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Fric\AppData\Roaming\Mozilla\Firefox\Profiles\n454nwg9.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-07-23 13797920]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2009-07-24 2068480]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-20 7625248]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
T-Mobile Communication Center.lnk - C:\Program Files\T-Mobile Communication Center\TMCC.exe

C:\Users\Fric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
runctf.lnk - C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"NoDispCPL"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFind"=0
"NoClose"=0
"NoTrayContextMenu"=0
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFind"=0
"NoClose"=0
"NoTrayContextMenu"=0
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-12-09 13:54:31 ----D---- C:\rsit
2012-12-09 13:54:31 ----D---- C:\Program Files\trend micro
2012-12-07 23:19:34 ----RASH---- C:\SdHeuristic.txt
2012-12-07 16:43:49 ----A---- C:\windows\system32\Wdfres.dll
2012-12-07 16:43:49 ----A---- C:\windows\system32\drivers\WdfLdr.sys
2012-12-07 16:43:49 ----A---- C:\windows\system32\drivers\Wdf01000.sys
2012-12-07 16:43:26 ----A---- C:\windows\system32\drivers\WUDFRd.sys
2012-12-07 16:43:26 ----A---- C:\windows\system32\drivers\WUDFPf.sys
2012-12-07 16:43:25 ----A---- C:\windows\system32\WUDFSvc.dll
2012-12-07 16:43:25 ----A---- C:\windows\system32\WUDFPlatform.dll
2012-12-07 16:43:24 ----A---- C:\windows\system32\WUDFHost.exe
2012-12-07 16:43:24 ----A---- C:\windows\system32\WUDFCoinstaller.dll
2012-12-07 16:43:23 ----A---- C:\windows\system32\WUDFx.dll
2012-12-07 16:42:58 ----A---- C:\windows\system32\drivers\fs_rec.sys
2012-12-07 16:42:57 ----A---- C:\windows\system32\wmi.dll
2012-12-07 16:42:57 ----A---- C:\windows\system32\wintrust.dll
2012-12-07 16:42:57 ----A---- C:\windows\system32\imagehlp.dll
2012-12-06 16:07:48 ----D---- C:\Users\Fric\AppData\Roaming\YourFileDownloader
2012-12-06 16:07:48 ----D---- C:\Program Files\YourFileDownloader
2012-12-04 17:29:16 ----D---- C:\ProgramData\Max Secure
2012-12-04 17:14:08 ----D---- C:\Users\Fric\AppData\Roaming\GetRightToGo
2012-12-04 17:08:11 ----A---- C:\windows\ntbtlog.txt
2012-12-04 16:46:37 ----A---- C:\windows\system32\wups2.dll
2012-12-04 16:46:36 ----A---- C:\windows\system32\wucltux.dll
2012-12-04 16:46:36 ----A---- C:\windows\system32\wuaueng.dll
2012-12-04 16:46:36 ----A---- C:\windows\system32\wuauclt.exe
2012-12-04 16:46:20 ----A---- C:\windows\system32\wuwebv.dll
2012-12-04 16:46:20 ----A---- C:\windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2012-12-09 13:54:32 ----D---- C:\windows\Prefetch
2012-12-09 13:54:31 ----RD---- C:\Program Files
2012-12-09 13:53:30 ----D---- C:\Users\Fric\AppData\Roaming\Skype
2012-12-09 13:53:20 ----D---- C:\windows\Temp
2012-12-09 13:53:18 ----D---- C:\windows\system32\config
2012-12-09 11:51:11 ----D---- C:\windows\system32\drivers
2012-12-09 11:51:11 ----D---- C:\windows\System32
2012-12-09 11:51:10 ----D---- C:\windows\system32\drivers\etc
2012-12-09 11:39:06 ----D---- C:\windows\inf
2012-12-09 11:39:06 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-12-09 11:35:59 ----D---- C:\Users\Fric\AppData\Roaming\DAEMON Tools Lite
2012-12-08 16:02:51 ----D---- C:\windows\rescache
2012-12-08 12:42:41 ----D---- C:\windows\Microsoft.NET
2012-12-08 12:42:40 ----RSD---- C:\windows\assembly
2012-12-08 11:44:43 ----D---- C:\windows\system32\drivers\UMDF
2012-12-08 11:32:02 ----D---- C:\windows\system32\NDF
2012-12-08 00:27:51 ----SHD---- C:\windows\Installer
2012-12-08 00:26:19 ----D---- C:\windows\system32\en-US
2012-12-08 00:26:17 ----D---- C:\Program Files\Microsoft.NET
2012-12-08 00:25:36 ----SHD---- C:\System Volume Information
2012-12-07 22:58:30 ----D---- C:\windows\winsxs
2012-12-07 22:57:11 ----D---- C:\windows\system32\wbem
2012-12-07 22:57:11 ----D---- C:\windows\system32\sk-SK
2012-12-07 22:57:11 ----D---- C:\windows\system32\drivers\en-US
2012-12-07 16:43:58 ----D---- C:\windows\system32\catroot
2012-12-07 16:43:09 ----D---- C:\windows\system32\catroot2
2012-12-06 16:20:31 ----D---- C:\Program Files\Mozilla Firefox
2012-12-06 16:07:49 ----D---- C:\windows\Tasks
2012-12-06 15:26:07 ----HD---- C:\ProgramData
2012-12-04 17:29:28 ----RSD---- C:\windows\Fonts
2012-12-04 17:08:11 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 nvstor32;nvstor32; C:\windows\system32\DRIVERS\nvstor32.sys [2009-08-05 213024]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-14 218688]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R1 Tosrfcom;Bluetooth RFCOMM; C:\windows\System32\Drivers\tosrfcom.sys [2009-07-29 69480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-04-07 1161664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-07-16 1176064]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 enecir;ENE CIR Receiver; C:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-07-20 2664032]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 tosporte;Bluetooth COM Port; C:\windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2009-08-28 169064]
R3 tosrfbnp;Bluetooth RFBNEP; C:\windows\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
R3 Tosrfhid;Bluetooth RFHID; C:\windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
R3 tosrfnds;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
R3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2009-08-05 49400]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 enecirhid;ENE CIR HID Receiver; C:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 11776]
S3 enecirhidma;ENE CIR HIDmini Filter; C:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 5632]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\windows\system32\drivers\massfilter.sys [2011-11-16 9216]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\windows\system32\DRIVERS\nvmf6232.sys [2009-07-31 287392]
S3 nvsmu;nvsmu; C:\windows\system32\DRIVERS\nvsmu.sys [2009-06-29 17920]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 smserial;smserial; C:\windows\system32\DRIVERS\smserial.sys []
S3 toshidpt;Bluetooth HID Port; C:\windows\system32\drivers\Toshidpt.sys [2009-06-19 9608]
S3 TosRfSnd;Bluetooth Audio; C:\windows\system32\drivers\tosrfsnd.sys [2009-08-05 61168]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys [2011-11-16 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\windows\system32\DRIVERS\ZTEusbnmea.sys [2011-11-16 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\windows\system32\DRIVERS\ZTEusbser6k.sys [2011-11-16 105088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-28 14336]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-08-11 387616]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2009-07-10 160768]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-11 178720]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2009-07-23 211488]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-07-31 144752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-17 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-14 1343400]

-----------------EOF-----------------

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni