adh.exe, dd.exe, 41780071....620.exe
Posted: 11 Nov 2013 15:56
Good day,
I would like to consult someone more knowledgeable about the .exe files that have been alternately greeting me at Windows startup over the past 2 weeks. I found on the net that they may be viruses; I am afraid they could, for example, extract sensitive data, e.g. while internet banking is running, but so far I do not dare remove them in any way, in case I did it insufficiently. I did not find any thread on the forum that deals with these files.
They are:
- adh.exe
- dd.exe
- 41780071f8522f58927b01b95ec82620.exe
At almost every Windows startup, while the desktop is loading, a window or windows appear reporting that "this program .... .exe has stopped working" or a similar message, always for just a few seconds; then it disappears and the system works. The last one named appeared for the first time today.
Besides that, over roughly the last 2 weeks the Firefox browser has unexpectedly crashed about 3 times in total, and it also happens more often that any running program (e.g. Adobe Photoshop, Acrobat Reader, Office Word, even Firefox) freezes and stops responding - (Not Responding) appears in the window title at the top, the screen sort of hazes over and I have no chance of doing anything about it. I know that this probably happens to running programs occasionally when the PC's innards (probably RAM) cannot keep up, but lately it is disproportionately more frequent. So I wonder whether it is by any chance related to the .exe files mentioned.
I will be very glad for any help. A month ago the adviser Márty84 and I dealt with another problematic .exe, so we already "know" each other and he knows what went on in my PC last time, so if he has time in the near future, it may be more appropriate to deal with it with him.
Thank you, and I am sending the RSIT log right away:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jane at 2013-11-11 15:12:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 66 GB (27%) free of 238 GB
Total RAM: 3003 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:12:43, on 11.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jane\Desktop\RSIT.exe
C:\Program Files\trend micro\Jane.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [ADSK DLMSession] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
O4 - HKLM\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [41780071f8522f58927b01b95ec82620] "C:\Users\Jane\AppData\Local\Temp\dd.exe" ..
O4 - HKLM\..\Run: [msrlkwSrv] C:\Windows\inf\msrlkw.vbe
O4 - HKCU\..\Run: [41780071f8522f58927b01b95ec82620] "C:\Users\Jane\AppData\Local\Temp\dd.exe" ..
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: 41780071f8522f58927b01b95ec82620.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
--
End of file - 4660 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\15r9j9xq.default
prefs.js - "extensions.enabledItems" - "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
"FFPDFArchitectConverter@pdfarchitect.com"=C:\Program Files\PDF Architect\FFPDFArchitectExt
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-01-09 92232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2009-04-09 237568]
"ADSK DLMSession"=C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [2012-07-23 1632216]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-05 383424]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-10-20 1576152]
"41780071f8522f58927b01b95ec82620"=C:\Users\Jane\AppData\Local\Temp\dd.exe [2013-10-19 203264]
"msrlkwSrv"=C:\Windows\inf\msrlkw.vbe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"41780071f8522f58927b01b95ec82620"=C:\Users\Jane\AppData\Local\Temp\dd.exe [2013-10-19 203264]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
41780071f8522f58927b01b95ec82620.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-11-11 15:12:05 ----D---- C:\rsit
2013-11-06 18:27:21 ----D---- C:\Program Files\Mozilla Firefox
2013-10-28 15:33:29 ----D---- C:\Users\Jane\AppData\Roaming\pdfforge
2013-10-28 15:33:23 ----D---- C:\Program Files\PDFCreator
2013-10-28 15:33:23 ----A---- C:\Windows\system32\MSMPIDE.DLL
2013-10-28 15:16:12 ----A---- C:\Windows\system32\pdfcmon.dll
2013-10-25 20:59:01 ----D---- C:\Users\Jane\AppData\Roaming\IsolatedStorage
2013-10-25 20:59:01 ----D---- C:\ProgramData\IsolatedStorage
2013-10-25 20:57:30 ----D---- C:\Program Files\FileViewPro
2013-10-25 20:55:47 ----D---- C:\Spacekace
2013-10-25 20:35:08 ----D---- C:\Users\Jane\AppData\Roaming\Opera
2013-10-25 16:38:10 ----A---- C:\Windows\system32\FileOps.exe
2013-10-25 16:38:08 ----D---- C:\Windows\system32\Adobe
2013-10-25 16:34:20 ----D---- C:\AI_CS2_IE_NonRet
2013-10-25 15:55:57 ----D---- C:\ID_CS2_UE_NonRet
2013-10-25 15:42:41 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2013-10-25 15:24:17 ----D---- C:\PhSp_CS2_UE_Ret
2013-10-25 14:32:33 ----D---- C:\CS_2.0_WWE_Extras_2
2013-10-25 14:31:28 ----D---- C:\Creative Suite CS2
2013-10-25 14:31:09 ----D---- C:\Creative Suite
2013-10-24 13:44:58 ----D---- C:\Windows\XSxS
2013-10-24 13:44:58 ----D---- C:\Program Files\Xenocode
2013-10-24 13:37:12 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-10-24 13:36:57 ----D---- C:\Users\Jane\AppData\Roaming\DAEMON Tools Lite
2013-10-24 13:36:53 ----D---- C:\Program Files\DAEMON Tools Lite
2013-10-24 13:34:38 ----D---- C:\ProgramData\DAEMON Tools Lite
2013-10-24 13:19:18 ----D---- C:\Program Files\7-Zip
2013-10-23 20:24:19 ----D---- C:\Program Files\GTA Vice City - CRACK
2013-10-23 18:20:20 ----A---- C:\Windows\system32\.tmp
2013-10-22 22:03:47 ----D---- C:\Program Files\Defraggler
2013-10-22 21:36:44 ----SHD---- C:\$RECYCLE.BIN
2013-10-22 16:35:58 ----D---- C:\Users\Jane\AppData\Roaming\XnView
2013-10-22 16:35:27 ----D---- C:\Program Files\XnView
2013-10-19 22:54:33 ----D---- C:\Windows\temp
2013-10-19 10:45:54 ----A---- C:\Windows\system32\TrueSight.sys
2013-10-19 01:46:02 ----A---- C:\Windows\system32\Aplication.exe
2013-10-18 15:35:23 ----D---- C:\Program Files\trend micro
2013-10-18 09:48:14 ----D---- C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-10-17 15:38:13 ----D---- C:\ProgramData\Oracle
2013-10-17 15:36:20 ----D---- C:\Program Files\Common Files\Java
2013-10-17 15:36:14 ----A---- C:\Windows\system32\javaws.exe
2013-10-17 15:36:01 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-10-17 15:36:01 ----A---- C:\Windows\system32\javaw.exe
2013-10-17 15:36:01 ----A---- C:\Windows\system32\java.exe
2013-10-17 15:32:33 ----A---- C:\Program Files\jxpiinstall.exe
2013-10-14 12:05:52 ----D---- C:\Program Files\Google SketchUp 8.0.16846 Free CZ
======List of files/folders modified in the last 1 month======
2013-11-11 15:12:17 ----D---- C:\Windows\Prefetch
2013-11-11 14:40:11 ----D---- C:\Windows\system32\config
2013-11-11 14:30:19 ----D---- C:\Windows\System32
2013-11-11 14:30:19 ----D---- C:\Windows\inf
2013-11-11 14:30:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-11 14:25:33 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-07 08:31:24 ----RD---- C:\Program Files
2013-11-07 03:30:12 ----D---- C:\Users\Jane\AppData\Roaming\Adobe
2013-11-04 19:26:28 ----SHD---- C:\System Volume Information
2013-11-04 18:38:47 ----D---- C:\Windows
2013-11-03 00:36:06 ----D---- C:\Users\Jane\AppData\Roaming\Winamp
2013-10-28 13:40:44 ----D---- C:\Windows\system32\Tasks
2013-10-25 20:59:01 ----D---- C:\ProgramData
2013-10-25 20:35:09 ----A---- C:\Windows\win.ini
2013-10-25 16:40:22 ----SHD---- C:\Windows\Installer
2013-10-25 16:38:27 ----D---- C:\Program Files\Adobe
2013-10-25 16:38:08 ----D---- C:\Program Files\Common Files\Adobe
2013-10-25 16:07:06 ----D---- C:\ProgramData\Adobe
2013-10-25 15:42:41 ----D---- C:\Program Files\Common Files
2013-10-25 14:36:49 ----D---- C:\Program Files\InstallShield Installation Information
2013-10-24 13:39:00 ----D---- C:\Users\Jane\AppData\Roaming\Seznam.cz
2013-10-24 13:37:55 ----D---- C:\Windows\system32\drivers
2013-10-24 13:37:52 ----D---- C:\Windows\system32\catroot
2013-10-24 13:37:49 ----D---- C:\Windows\system32\DriverStore
2013-10-24 12:53:19 ----D---- C:\ProgramData\COMODO
2013-10-23 18:24:01 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-10-22 21:55:34 ----D---- C:\Users\Jane\AppData\Roaming\uTorrent
2013-10-22 21:55:27 ----D---- C:\Windows\Panther
2013-10-22 21:55:26 ----D---- C:\Windows\Logs
2013-10-22 21:55:26 ----D---- C:\Windows\debug
2013-10-22 20:01:38 ----D---- C:\Windows\Minidump
2013-10-22 10:27:37 ----D---- C:\Windows\Tasks
2013-10-19 22:50:16 ----A---- C:\Windows\system.ini
2013-10-19 22:50:01 ----D---- C:\Windows\system32\drivers\etc
2013-10-19 22:43:14 ----D---- C:\Windows\AppPatch
2013-10-18 18:14:24 ----D---- C:\Windows\security
2013-10-17 15:36:00 ----D---- C:\Program Files\Java
2013-10-17 14:52:35 ----D---- C:\Windows\rescache
2013-10-17 14:51:33 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2013-09-24 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2013-09-24 582936]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-24 242240]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2013-09-24 85464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 25600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TrueSight;TrueSight; \??\C:\Windows\system32\TrueSight.sys [2013-10-19 26624]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-10-20 4832192]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-01-09 1324104]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-10-25 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-11-13 1044816]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-06 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-28 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-11-11 15:12:05 ----D---- C:\rsit
2013-11-06 18:27:21 ----D---- C:\Program Files\Mozilla Firefox
2013-10-28 15:33:29 ----D---- C:\Users\Jane\AppData\Roaming\pdfforge
2013-10-28 15:33:23 ----D---- C:\Program Files\PDFCreator
2013-10-28 15:33:23 ----A---- C:\Windows\system32\MSMPIDE.DLL
2013-10-28 15:16:12 ----A---- C:\Windows\system32\pdfcmon.dll
2013-10-25 20:59:01 ----D---- C:\Users\Jane\AppData\Roaming\IsolatedStorage
2013-10-25 20:59:01 ----D---- C:\ProgramData\IsolatedStorage
2013-10-25 20:57:30 ----D---- C:\Program Files\FileViewPro
2013-10-25 20:55:47 ----D---- C:\Spacekace
2013-10-25 20:35:08 ----D---- C:\Users\Jane\AppData\Roaming\Opera
2013-10-25 16:38:10 ----A---- C:\Windows\system32\FileOps.exe
2013-10-25 16:38:08 ----D---- C:\Windows\system32\Adobe
2013-10-25 16:34:20 ----D---- C:\AI_CS2_IE_NonRet
2013-10-25 15:55:57 ----D---- C:\ID_CS2_UE_NonRet
2013-10-25 15:42:41 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2013-10-25 15:24:17 ----D---- C:\PhSp_CS2_UE_Ret
2013-10-25 14:32:33 ----D---- C:\CS_2.0_WWE_Extras_2
2013-10-25 14:31:28 ----D---- C:\Creative Suite CS2
2013-10-25 14:31:09 ----D---- C:\Creative Suite
2013-10-24 13:44:58 ----D---- C:\Windows\XSxS
2013-10-24 13:44:58 ----D---- C:\Program Files\Xenocode
2013-10-24 13:37:12 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-10-24 13:36:57 ----D---- C:\Users\Jane\AppData\Roaming\DAEMON Tools Lite
2013-10-24 13:36:53 ----D---- C:\Program Files\DAEMON Tools Lite
2013-10-24 13:34:38 ----D---- C:\ProgramData\DAEMON Tools Lite
2013-10-24 13:19:18 ----D---- C:\Program Files\7-Zip
2013-10-23 20:24:19 ----D---- C:\Program Files\GTA Vice City - CRACK
2013-10-23 18:20:20 ----A---- C:\Windows\system32\.tmp
2013-10-22 22:03:47 ----D---- C:\Program Files\Defraggler
2013-10-22 21:36:44 ----SHD---- C:\$RECYCLE.BIN
2013-10-22 16:35:58 ----D---- C:\Users\Jane\AppData\Roaming\XnView
2013-10-22 16:35:27 ----D---- C:\Program Files\XnView
2013-10-19 22:54:33 ----D---- C:\Windows\temp
2013-10-19 10:45:54 ----A---- C:\Windows\system32\TrueSight.sys
2013-10-19 01:46:02 ----A---- C:\Windows\system32\Aplication.exe
2013-10-18 15:35:23 ----D---- C:\Program Files\trend micro
2013-10-18 09:48:14 ----D---- C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-10-17 15:38:13 ----D---- C:\ProgramData\Oracle
2013-10-17 15:36:20 ----D---- C:\Program Files\Common Files\Java
2013-10-17 15:36:14 ----A---- C:\Windows\system32\javaws.exe
2013-10-17 15:36:01 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-10-17 15:36:01 ----A---- C:\Windows\system32\javaw.exe
2013-10-17 15:36:01 ----A---- C:\Windows\system32\java.exe
2013-10-17 15:32:33 ----A---- C:\Program Files\jxpiinstall.exe
2013-10-14 12:05:52 ----D---- C:\Program Files\Google SketchUp 8.0.16846 Free CZ
======List of files/folders modified in the last 1 month======
2013-11-11 15:12:17 ----D---- C:\Windows\Prefetch
2013-11-11 14:40:11 ----D---- C:\Windows\system32\config
2013-11-11 14:30:19 ----D---- C:\Windows\System32
2013-11-11 14:30:19 ----D---- C:\Windows\inf
2013-11-11 14:30:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-11 14:25:33 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-07 08:31:24 ----RD---- C:\Program Files
2013-11-07 03:30:12 ----D---- C:\Users\Jane\AppData\Roaming\Adobe
2013-11-04 19:26:28 ----SHD---- C:\System Volume Information
2013-11-04 18:38:47 ----D---- C:\Windows
2013-11-03 00:36:06 ----D---- C:\Users\Jane\AppData\Roaming\Winamp
2013-10-28 13:40:44 ----D---- C:\Windows\system32\Tasks
2013-10-25 20:59:01 ----D---- C:\ProgramData
2013-10-25 20:35:09 ----A---- C:\Windows\win.ini
2013-10-25 16:40:22 ----SHD---- C:\Windows\Installer
2013-10-25 16:38:27 ----D---- C:\Program Files\Adobe
2013-10-25 16:38:08 ----D---- C:\Program Files\Common Files\Adobe
2013-10-25 16:07:06 ----D---- C:\ProgramData\Adobe
2013-10-25 15:42:41 ----D---- C:\Program Files\Common Files
2013-10-25 14:36:49 ----D---- C:\Program Files\InstallShield Installation Information
2013-10-24 13:39:00 ----D---- C:\Users\Jane\AppData\Roaming\Seznam.cz
2013-10-24 13:37:55 ----D---- C:\Windows\system32\drivers
2013-10-24 13:37:52 ----D---- C:\Windows\system32\catroot
2013-10-24 13:37:49 ----D---- C:\Windows\system32\DriverStore
2013-10-24 12:53:19 ----D---- C:\ProgramData\COMODO
2013-10-23 18:24:01 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-10-22 21:55:34 ----D---- C:\Users\Jane\AppData\Roaming\uTorrent
2013-10-22 21:55:27 ----D---- C:\Windows\Panther
2013-10-22 21:55:26 ----D---- C:\Windows\Logs
2013-10-22 21:55:26 ----D---- C:\Windows\debug
2013-10-22 20:01:38 ----D---- C:\Windows\Minidump
2013-10-22 10:27:37 ----D---- C:\Windows\Tasks
2013-10-19 22:50:16 ----A---- C:\Windows\system.ini
2013-10-19 22:50:01 ----D---- C:\Windows\system32\drivers\etc
2013-10-19 22:43:14 ----D---- C:\Windows\AppPatch
2013-10-18 18:14:24 ----D---- C:\Windows\security
2013-10-17 15:36:00 ----D---- C:\Program Files\Java
2013-10-17 14:52:35 ----D---- C:\Windows\rescache
2013-10-17 14:51:33 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2013-09-24 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2013-09-24 582936]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-24 242240]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2013-09-24 85464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 25600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TrueSight;TrueSight; \??\C:\Windows\system32\TrueSight.sys [2013-10-19 26624]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-10-20 4832192]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-01-09 1324104]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-10-25 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-11-13 1044816]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-06 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-28 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------