
Suspected virus

Posted: 20 May 2014 14:05
by Hynek88
Hello,

please check my RSIT log: I can't run a number of programs, they ask for permissions, and System Restore can't find rstui.exe...

Logfile of random's system information tool 1.09 (written by random/random)
Run by ROCOR at 2014-05-20 15:00:53
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 78 GB (33%) free of 238 GB
Total RAM: 8078 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:00:55, on 20.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe
C:\Program Files (x86)\MuralPix\MpAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\ROCOR.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GTGMOUSE] "C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MuralPixAgent] C:\Program Files (x86)\MuralPix\MpAgent.exe /r
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: joalis.lnk = C:\Users\ROCOR\Desktop\ROCOR\joalis.txt
O4 - Global Startup: speedfan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Ochrana softwaru (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Stínová kopie svazku (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6215 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss e31cbb89-d817-40bb-9df8-bec6a246d540 1
\??\C:\Windows\system32\conhost.exe "77092881720223243331980353211-124657318-1140230865395699845-1459771762499589281
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-39572917272845525-531593877-637536518-123863559183412454813159711512081755214
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
WLIDSvcM.exe 1536
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Windows\SysWOW64\HsMgr.exe" Envoke
"C:\Windows\system\HsMgr64.exe" Envoke
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE"
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\ROCOR\Desktop\ROCOR\joalis.txt
"C:\Program Files (x86)\SpeedFan\speedfan.exe"
"C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe"
"C:\Program Files (x86)\MuralPix\MpAgent.exe" /r
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\SysWOW64\NT Kernel\NTKernel.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\taskmgr.exe" /4
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\services.msc"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Users\ROCOR\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SmartPCFix Task.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\t3t33i1l.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.advaita.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\t3t33i1l.default\extensions\
cs2@dictionaries.addons.mozilla.org
cs@dictionaries.addons.mozilla.org
{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
{1018e4d6-728f-4b20-ad56-37578a4de76b}(3)
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(2)
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}(3)
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3)

C:\Users\ROCOR\AppData\Roaming\Mozilla\Firefox\Profiles\t3t33i1l.default\searchplugins\
doplky-pro-firefox.xml
fextralife-wikis-darksouls2.xml
hledn-na-irecepti.xml
icqplugin-30.xml
icqplugin-31.xml
icqplugin-32.xml
peklada-google.xml
sfd.xml
torrent-metasearch.xml
uloto.xml
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
"Cmaudio8788GX"=C:\Windows\syswow64\HsMgr.exe [2008-07-11 200704]
"Cmaudio8788GX64"=C:\Windows\system\HsMgr64.exe [2008-07-11 282112]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-12-14 172144]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-12-14 399984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-12-14 441968]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-04-02 2201032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-02-22 292088]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GTGMOUSE"=C:\Program Files (x86)\Fujitsu\LASER MOUSE\1.0\GTGMouse.exe [2007-08-13 482816]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"MuralPixAgent"=C:\Program Files (x86)\MuralPix\MpAgent.exe [2006-12-30 102400]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
joalis.lnk - C:\Users\ROCOR\Desktop\ROCOR\joalis.txt
speedfan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-12-14 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blindman.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbampt.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamscheduler.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDFiles.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDMain.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDWinSec.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
"Debugger="nqij.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]
"Debugger="nqij.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-20 14:38:49 ----D---- C:\Program Files (x86)\Avira
2014-05-20 14:36:42 ----A---- C:\Windows\ntbtlog.txt
2014-05-20 13:31:45 ----A---- C:\Users\ROCOR\AppData\Roaming\msconfig.ini
2014-05-20 13:31:44 ----SHD---- C:\Windows\SYSWOW64\NT Kernel
2014-05-06 14:50:16 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-05-02 19:58:16 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 19:48:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-04-25 13:35:38 ----D---- C:\Users\ROCOR\AppData\Roaming\DarkSoulsII
2014-04-23 11:54:48 ----D---- C:\Program Files (x86)\Electronic Arts
2014-04-23 11:51:41 ----D---- C:\ProgramData\Solidshield
2014-04-21 06:55:42 ----D---- C:\Windows\Migration
2014-04-21 06:53:40 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-04-21 06:53:40 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-21 06:53:40 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-21 06:53:40 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-21 06:53:40 ----A---- C:\Windows\system32\tsgqec.dll
2014-04-21 06:53:40 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-04-21 06:53:39 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-04-21 06:53:39 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-04-21 06:53:39 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-04-21 06:53:39 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-04-21 06:53:39 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-04-21 06:53:39 ----A---- C:\Windows\system32\wksprtPS.dll
2014-04-21 06:53:39 ----A---- C:\Windows\system32\wksprt.exe
2014-04-21 06:53:39 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-04-21 06:53:39 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-04-21 06:53:39 ----A---- C:\Windows\system32\mstscax.dll
2014-04-21 06:53:39 ----A---- C:\Windows\system32\mstsc.exe
2014-04-21 06:53:39 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-04-21 06:50:05 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-21 06:50:05 ----A---- C:\Windows\system32\vbscript.dll
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-04-21 06:33:14 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-04-21 06:33:14 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-04-21 06:33:14 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-04-21 06:33:14 ----A---- C:\Windows\system32\secproc_isv.dll
2014-04-21 06:33:14 ----A---- C:\Windows\system32\secproc.dll
2014-04-21 06:33:14 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-21 06:33:14 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-04-21 06:33:14 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-04-21 06:33:14 ----A---- C:\Windows\system32\RMActivate.exe
2014-04-21 06:33:14 ----A---- C:\Windows\system32\msdrm.dll
2014-04-21 06:32:51 ----A---- C:\Windows\SYSWOW64\tdh.dll
2014-04-21 06:32:51 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-04-21 06:32:51 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-04-21 06:32:51 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2014-04-21 06:32:51 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2014-04-21 06:32:51 ----A---- C:\Windows\system32\tdh.dll
2014-04-21 06:32:51 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-04-21 06:32:51 ----A---- C:\Windows\system32\ntdll.dll
2014-04-21 06:32:51 ----A---- C:\Windows\system32\advapi32.dll
2014-04-21 06:32:50 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-04-21 06:32:50 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-04-21 06:32:49 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-04-21 06:32:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-04-21 06:32:49 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-04-21 06:32:49 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-04-21 06:32:49 ----A---- C:\Windows\system32\sspisrv.dll
2014-04-21 06:32:49 ----A---- C:\Windows\system32\sspicli.dll
2014-04-21 06:32:49 ----A---- C:\Windows\system32\schannel.dll
2014-04-21 06:32:49 ----A---- C:\Windows\system32\secur32.dll
2014-04-21 06:32:49 ----A---- C:\Windows\system32\ncrypt.dll
2014-04-21 06:32:49 ----A---- C:\Windows\system32\lsass.exe
2014-04-21 06:32:49 ----A---- C:\Windows\system32\lsasrv.dll
2014-04-21 06:32:49 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-04-21 06:32:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-04-21 06:32:49 ----A---- C:\Windows\system32\drivers\cng.sys
2014-04-21 06:32:48 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2014-04-21 06:32:48 ----A---- C:\Windows\system32\mswsock.dll
2014-04-21 06:32:47 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2014-04-21 06:32:47 ----A---- C:\Windows\SYSWOW64\credui.dll
2014-04-21 06:32:47 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-04-21 06:32:47 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-21 06:32:47 ----A---- C:\Windows\system32\credui.dll
2014-04-21 06:32:47 ----A---- C:\Windows\system32\authui.dll
2014-04-21 06:32:46 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-21 06:32:46 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-21 06:32:46 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-21 06:32:46 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-21 06:32:46 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-21 06:32:44 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-04-21 06:32:44 ----A---- C:\Windows\system32\crypt32.dll
2014-04-21 06:32:43 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2014-04-21 06:32:43 ----A---- C:\Windows\system32\WMPhoto.dll
2014-04-21 06:32:42 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-04-21 06:32:42 ----A---- C:\Windows\system32\tzres.dll
2014-04-21 06:32:41 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-04-21 06:32:41 ----A---- C:\Windows\system32\d3d10warp.dll
2014-04-21 06:32:41 ----A---- C:\Windows\system32\d2d1.dll
2014-04-21 06:32:40 ----A---- C:\Windows\SYSWOW64\lpk.dll
2014-04-21 06:32:40 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2014-04-21 06:32:40 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2014-04-21 06:32:40 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-04-21 06:32:40 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2014-04-21 06:32:40 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2014-04-21 06:32:40 ----A---- C:\Windows\system32\lpk.dll
2014-04-21 06:32:40 ----A---- C:\Windows\system32\fontsub.dll
2014-04-21 06:32:40 ----A---- C:\Windows\system32\dciman32.dll
2014-04-21 06:32:40 ----A---- C:\Windows\system32\atmlib.dll
2014-04-21 06:32:40 ----A---- C:\Windows\system32\atmfd.dll
2014-04-21 06:32:39 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2014-04-21 06:32:39 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-04-21 06:32:39 ----A---- C:\Windows\system32\comctl32.dll
2014-04-21 06:32:38 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-04-21 06:32:38 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-04-21 06:32:38 ----A---- C:\Windows\system32\msxml3r.dll
2014-04-21 06:32:38 ----A---- C:\Windows\system32\msxml3.dll
2014-04-21 06:32:38 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2014-04-21 06:32:38 ----A---- C:\Windows\system32\drivers\netio.sys
2014-04-21 06:32:37 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2014-04-21 06:32:37 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2014-04-21 06:32:37 ----A---- C:\Windows\system32\WebClnt.dll
2014-04-21 06:32:37 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2014-04-21 06:32:37 ----A---- C:\Windows\system32\davclnt.dll
2014-04-21 06:32:36 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2014-04-21 06:32:36 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2014-04-21 06:32:36 ----A---- C:\Windows\system32\wwansvc.dll
2014-04-21 06:32:36 ----A---- C:\Windows\system32\msieftp.dll
2014-04-21 06:32:36 ----A---- C:\Windows\system32\imagehlp.dll
2014-04-21 06:32:36 ----A---- C:\Windows\system32\drivers\portcls.sys
2014-04-21 06:32:36 ----A---- C:\Windows\system32\drivers\drmk.sys
2014-04-21 06:32:35 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-04-21 06:32:35 ----A---- C:\Windows\system32\wer.dll
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\hidparse.sys
2014-04-21 06:32:35 ----A---- C:\Windows\system32\drivers\hidclass.sys
2014-04-21 06:32:34 ----A---- C:\Windows\system32\drivers\usbcir.sys
2014-04-21 06:32:34 ----A---- C:\Windows\system32\drivers\afd.sys
2014-04-21 06:31:49 ----A---- C:\Windows\system32\win32k.sys
2014-04-21 06:31:48 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-04-21 06:31:48 ----A---- C:\Windows\system32\gdi32.dll
2014-04-21 06:31:39 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-21 06:31:39 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-21 06:31:39 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-21 06:31:39 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-04-21 06:31:39 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-21 06:31:39 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-21 06:31:39 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-21 06:31:39 ----A---- C:\Windows\system32\wow64win.dll
2014-04-21 06:31:39 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-21 06:31:39 ----A---- C:\Windows\system32\wow64.dll
2014-04-21 06:31:39 ----A---- C:\Windows\system32\qedit.dll
2014-04-21 06:31:39 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-21 06:31:39 ----A---- C:\Windows\system32\kernel32.dll
2014-04-21 06:30:41 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-21 06:30:40 ----A---- C:\Windows\SYSWOW64\wscript.exe
2014-04-21 06:30:40 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-04-21 06:30:40 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2014-04-21 06:30:40 ----A---- C:\Windows\SYSWOW64\cscript.exe
2014-04-21 06:30:40 ----A---- C:\Windows\system32\wscript.exe
2014-04-21 06:30:40 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-04-21 06:30:40 ----A---- C:\Windows\system32\scrrun.dll
2014-04-21 06:30:40 ----A---- C:\Windows\system32\scavengeui.dll
2014-04-21 06:30:40 ----A---- C:\Windows\system32\cscript.exe
2014-04-21 06:30:39 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2014-04-21 06:30:39 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2014-04-21 06:30:39 ----A---- C:\Windows\system32\nshwfp.dll
2014-04-21 06:30:39 ----A---- C:\Windows\system32\IKEEXT.DLL
2014-04-21 06:30:39 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2014-04-21 06:30:39 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-04-21 06:20:51 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 month======

2014-05-20 15:00:55 ----D---- C:\Windows\Prefetch
2014-05-20 15:00:54 ----D---- C:\Program Files\trend micro
2014-05-20 14:58:14 ----D---- C:\Program Files (x86)\SpeedFan
2014-05-20 14:58:11 ----D---- C:\ProgramData\NVIDIA
2014-05-20 14:50:33 ----RD---- C:\Program Files (x86)
2014-05-20 14:48:10 ----SHD---- C:\Recovery
2014-05-20 14:46:18 ----D---- C:\Windows\System32
2014-05-20 14:46:18 ----D---- C:\Windows\inf
2014-05-20 14:46:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-20 14:41:32 ----D---- C:\AdwCleaner
2014-05-20 14:40:18 ----HD---- C:\ProgramData
2014-05-20 14:39:13 ----D---- C:\Windows\system32\drivers
2014-05-20 14:38:59 ----D---- C:\Windows\Temp
2014-05-20 14:38:58 ----D---- C:\Windows\system32\catroot
2014-05-20 14:38:10 ----D---- C:\Windows
2014-05-20 14:01:34 ----D---- C:\Users\ROCOR\AppData\Roaming\Winamp
2014-05-20 14:01:34 ----D---- C:\Users\ROCOR\AppData\Roaming\uTorrent
2014-05-20 13:44:17 ----D---- C:\Program Files\SUPERAntiSpyware
2014-05-20 13:35:05 ----SHD---- C:\System Volume Information
2014-05-20 13:31:44 ----D---- C:\Windows\SysWOW64
2014-05-20 10:44:54 ----D---- C:\Users\ROCOR\AppData\Roaming\foobar2000
2014-05-19 16:36:28 ----A---- C:\Windows\BlendSettings.ini
2014-05-19 06:56:48 ----D---- C:\ProgramData\boost_interprocess
2014-05-17 11:21:20 ----D---- C:\Windows\system32\config
2014-04-25 13:35:35 ----SHD---- C:\Windows\Installer
2014-04-25 13:35:35 ----SHD---- C:\Config.Msi
2014-04-24 14:27:48 ----D---- C:\Windows\system32\drivers\UMDF
2014-04-24 12:27:08 ----D---- C:\Windows\Logs
2014-04-23 17:26:46 ----D---- C:\Windows\system32\catroot2
2014-04-23 11:54:37 ----RSD---- C:\Windows\assembly
2014-04-21 16:35:58 ----D---- C:\Windows\rescache
2014-04-21 13:55:05 ----D---- C:\Windows\debug
2014-04-21 12:45:14 ----D---- C:\Windows\Microsoft.NET
2014-04-21 12:03:34 ----D---- C:\Windows\winsxs
2014-04-21 12:03:00 ----D---- C:\Program Files\Microsoft Silverlight
2014-04-21 12:03:00 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-04-21 12:02:19 ----D---- C:\Windows\SYSWOW64\wbem
2014-04-21 12:02:19 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-21 12:02:19 ----D---- C:\Windows\system32\wbem
2014-04-21 12:02:19 ----D---- C:\Windows\system32\drivers\en-US
2014-04-21 12:02:19 ----D---- C:\Windows\system32\cs-CZ
2014-04-21 12:02:19 ----D---- C:\Windows\AppPatch
2014-04-21 12:02:18 ----D---- C:\Windows\system32\DriverStore
2014-04-21 06:56:21 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-04-21 06:55:45 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-21 06:55:45 ----D---- C:\Windows\system32\en-US
2014-04-21 06:55:42 ----SD---- C:\ProgramData\Microsoft
2014-04-21 06:44:42 ----D---- C:\Windows\system32\MRT
2014-04-21 06:26:36 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 asahci64;asahci64; C:\Windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2012-09-01 647736]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2012-09-01 28216]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-24 283064]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R3 cmudaxp;ASUS Xonar Essence ST Audio Interface; C:\Windows\system32\drivers\cmudaxp.sys [2013-04-11 2734080]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2012-02-19 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2012-02-19 84608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-12-14 5353888]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-02-22 358896]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-02-22 792560]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-21 40392]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-28 26440]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 68992]
S3 MSICDSetup;MSICDSetup; \??\E:\CDriver64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-28 36936]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-28 16200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-02 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-02 20541216]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-23 143120]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-12-14 277616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-04-22 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-20 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 257416]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: suspected virus

Posted: 20 May 2014 17:08
by Rudy
Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click first on >Scan< and then on >Clean<.
A scan will run and then a log will appear; paste it here.