Please check my RSIT log

adabo
Visitor
Posts: 36
Registered: 02 Nov 2007 23:37

#1 Post by adabo »

Could someone please check my RSIT log? I suspect a virus. When I scanned the PC with NOD, it found a trojan, but it didn't give me the choice of quarantining or deleting it, so I somehow cancelled it, but I probably still have it.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-12-26 15:00:28
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (21%) free of 20 GB
Total RAM: 959 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:32, on 26. 12. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ioCentre\gTaskBar.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Programy\Power DVD\PowerDVD8\PDVD8Serv.exe
C:\Program Files\ioCentre\gMouseTask.exe
C:\Program Files\ioCentre\gKbdTask.exe
C:\Program Files\ioCentre\gAutoPan.exe
C:\Program Files\ioCentre\gAutoScroll.exe
C:\Program Files\ioCentre\gZoom.exe
C:\Program Files\ioCentre\gMGlass.exe
C:\Program Files\ioCentre\gSecurity.exe
C:\Program Files\ioCentre\gIMMgm.exe
C:\Program Files\ioCentre\gIMHook.exe
D:\Programy\Eset\nod32kui.exe
C:\Program Files\ioCentre\gPreset.exe
C:\Program Files\ioCentre\gKbStatus.exe
C:\Program Files\ioCentre\gDeskMgm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ioCentre\gKyeEmail.exe
C:\Program Files\ioCentre\gTaskSwitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programy\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ioCentre\gIMHook.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\opera.exe
D:\Programy\Inštalačky programov\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\RSIT.exe
D:\Programy\Inštalačky programov\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawltheinternet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Documents and Settings\Default User\Local Settings\Temp\flgpxtryd\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ioCentre] C:\Program Files\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl8] "D:\Programy\Power DVD\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "D:\Programy\Power DVD\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programy\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\WINDOWS\TEMP\E_S69.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\Default User\Local Settings\Temp\flgpxtryd\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\Default User\Local Settings\Temp\flgpxtryd\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programy\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8736 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Documents and Settings\Default User\Local Settings\Temp\flgpxtryd\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2003-06-30 337920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ioCentre"=C:\Program Files\ioCentre\gTaskBar.exe [2006-08-03 241664]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader_sl.exe [2008-01-11 39792]
"RemoteControl8"=D:\Programy\Power DVD\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=D:\Programy\Power DVD\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"nod32kui"=D:\Programy\Eset\nod32kui.exe [2009-06-01 921600]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-30 1945600]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"MP4 Player"=C:\Program Files\MP4 Player\mp4Player.exe [2008-11-06 772096]
"EPSON Stylus S20 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE [2007-11-30 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Programy\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Administrator\Dokumenty\BitTorrent\bittorrent.exe"="C:\Documents and Settings\Administrator\Dokumenty\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Programy\Power DVD\PowerDVD8\PowerDVD8.exe"="D:\Programy\Power DVD\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"D:\Programy\FlashGet universal\FlashGet.exe"="D:\Programy\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"D:\Programy\FlashGet universal\LiveUpdate.exe"="D:\Programy\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"D:\Programy\FlashGet universal\LiveUpdateEx.exe"="D:\Programy\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programy\Power DVD\PowerDVD8\PowerDVD8.exe"="D:\Programy\Power DVD\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a52865ae-f0c0-11de-9f23-0020ed1b0785}]
shell\AutoRun\command - G:\Toshiba\more4you.exe


======File associations======

.js - edit - "D:\Programy\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2011-07-13 12:37:16 ----D---- C:\Program Files\Sunbelt Software
2009-12-26 15:00:28 ----D---- C:\rsit
2009-12-17 19:04:01 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-17 19:04:00 ----A---- C:\WINDOWS\avisplitter.ini
2009-12-17 19:03:52 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-12-17 19:03:51 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-17 19:03:51 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-12-17 19:03:51 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-12-17 19:03:46 ----A---- C:\WINDOWS\system32\divx.dll
2009-12-17 19:03:43 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-17 19:03:43 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-17 13:25:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GRETECH
2009-12-13 17:24:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\BITS
2009-12-12 11:48:03 ----D---- C:\Documents and Settings\Administrator\Data aplikací\EPSON
2009-12-05 09:55:02 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-05 09:55:02 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-05 09:55:02 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-12-26 01:05:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-24 20:30:28 ----A---- C:\WINDOWS\WINCMD.INI
2009-12-22 23:47:38 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-21 23:00:14 ----A---- C:\WINDOWS\cdplayer.ini
2009-12-21 19:08:54 ----A---- C:\WINDOWS\win.ini
2009-12-21 19:08:54 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\D:\Programy\Power DVD\PowerDVD8\000.fcl []
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2006-07-14 14848]
R3 GT680xNT;ColorPage-Vivid 1200XE; C:\WINDOWS\system32\drivers\gt680x.sys [2003-02-26 17376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NOD32krn;NOD32 Kernel Service; D:\Programy\Eset\nod32krn.exe [2009-06-01 507904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-11-21 126976]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-15 651720]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-01-24 69632]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

#2 Post by Roli »

Hi, fix these in HJT:

O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl8] "D:\Programy\Power DVD\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "D:\Programy\Power DVD\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"


You'll find HJT here:

D:\Programy\Inštalačky programov\Administrator

Fix means that you launch HJT,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a small box that you tick,

then click Fix checked, which is at the bottom left,

the program will ask whether you really want to; you of course agree with YES, and that's it.


Then, to start with, use Mbam from my signature.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends

#3 Post by adabo »

Fixed, thank you. And here is the log from Mbam. Can I delete those eight checked items?

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3435
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

26. 12. 2009 19:38:08
mbam-log-2009-12-26 (19-38-02).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 138693
Uplynulý čas: 3 minute(s), 43 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b41-42c1-9dcd-7282a2d07c61} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Default User\Local Settings\Temp\flgpxtryd\jccatch.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\youtubex.dll (Trojan.Agent) -> No action taken.
C:\Program Files\Internet Explorer\explorer.exe (Spyware.Banker) -> No action taken.

#4 Post by Roli »

adabo wrote: Can I delete those eight checked items?
If you mean that junk in the Mbam log, then let it delete them.


Next we'll use a bigger caliber, so download ComboFix and save it to the desktop,

run the application under an account with administrator rights and allow the installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and off it goes.

The whole thing takes around 10 minutes but can take longer; don't try to run anything else during the scan.

The PC may also be restarted during the scan, so don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete the infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); paste its contents here.

#5 Post by adabo »

Here is the log:

ComboFix 09-12-27.03 - Administrator . 12. 2009 19:28:01.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.959.469 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bund1

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2011-07-13 11:37 . 2011-07-13 11:37 -------- d-----w- c:\program files\Sunbelt Software
2009-12-28 12:49 . 2009-12-28 12:49 -------- d-----w- C:\FOUND.001
2009-12-26 22:03 . 2009-12-26 22:03 -------- d-----w- C:\FOUND.000
2009-12-26 18:32 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 18:32 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 14:00 . 2009-12-26 14:00 -------- d-----w- C:\rsit
2009-12-17 18:04 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-17 18:03 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-17 18:03 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-12-17 18:03 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-17 18:03 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-17 18:03 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-12-17 18:03 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 16:13 . 2011-11-01 08:04 1022501 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-11-23 15:55 . 2009-11-23 15:55 -------- d-----w- c:\program files\EPSON
2009-10-11 03:17 . 2008-11-12 14:12 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ioCentre"="c:\program files\ioCentre\gTaskBar.exe" [2006-08-03 241664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"nod32kui"="d:\programy\Eset\nod32kui.exe" [2009-06-01 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:49 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\Power DVD\\PowerDVD8\\PowerDVD8.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26. 4. 2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26. 4. 2007 10:21 72624]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\programy\Power DVD\PowerDVD8\000.fcl [1. 2. 2008 16:24 41456]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26. 4. 2007 10:21 1234480]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [15. 12. 2007 9:32 14848]
R3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [1. 11. 2007 13:49 17376]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [31. 10. 2007 21:18 16512]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [15. 12. 2007 9:32 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [15. 12. 2007 9:32 9984]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawltheinternet.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: &Download All with FlashGet - c:\documents and settings\Default User\Local Settings\Temp\flgpxtryd\jc_all.htm
IE: &Download with FlashGet - c:\documents and settings\Default User\Local Settings\Temp\flgpxtryd\jc_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\7yywoaki.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: d:\programy\Reader\browser\nppdf32.dll
FF - plugin: d:\real player\Netscape6\nppl3260.dll
FF - plugin: d:\real player\Netscape6\nprjplug.dll
FF - plugin: d:\real player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-QuickTime Task - d:\programy\QuickTime\qttask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 19:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programy\Power DVD\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\imon.dll
d:\programy\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\nview.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
.
Completion time: 2009-12-28 19:37:35
ComboFix-quarantined-files.txt 2009-12-28 18:37

Pre-Run: 2 984 165 376
Post-Run: 3 023 323 136

- - End Of File - - B54A399040804384485443E49BE9E5FE

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my RSIT log,..

#6 Post by Roli »

Some things have been deleted, but we'll still fine-tune it, so if you haven't done so yet, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Folder::
C:\FOUND.001
C:\FOUND.000

FireFox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\7yywoaki.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

save the TXT file you created as CFScript.txt on the desktop

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it:

[Image]

after it has been applied, another log will pop up; post it here

Warning: it may happen that after applying the script and restarting, Windows will not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration

adabo
Visitor
Posts: 36
Registered: 02 Nov 2007 23:37

Re: Please check my RSIT log,..

#7 Post by adabo »

Here you go:

ComboFix 09-12-27.03 - Administrator . 12. 2009 19:29:35.2.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.959.535 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
C:\FOUND.001
c:\found.001\FILE1133.CHK
c:\found.001\FILE1134.CHK
c:\found.001\FILE1135.CHK
c:\found.001\FILE1136.CHK
c:\found.001\FILE1137.CHK
c:\found.001\FILE1138.CHK
c:\found.001\FILE1139.CHK
c:\found.001\FILE1140.CHK
c:\found.001\FILE1141.CHK
c:\found.001\FILE1142.CHK
c:\found.001\FILE1143.CHK
c:\found.001\FILE1144.CHK
c:\found.001\FILE1145.CHK
c:\found.001\FILE1146.CHK
c:\found.001\FILE1147.CHK
c:\found.001\FILE1148.CHK
c:\found.001\FILE1149.CHK
c:\found.001\FILE1150.CHK
c:\found.001\FILE1151.CHK
c:\found.001\FILE1152.CHK
c:\found.001\FILE1153.CHK
c:\found.001\FILE1154.CHK
c:\found.001\FILE1155.CHK
c:\found.001\FILE1156.CHK
c:\found.001\FILE1157.CHK
c:\found.001\FILE1158.CHK
c:\found.001\FILE1159.CHK
c:\found.001\FILE1160.CHK
c:\found.001\FILE1161.CHK
c:\found.001\FILE1162.CHK
c:\found.001\FILE1163.CHK
c:\found.001\FILE1164.CHK
c:\found.001\FILE1165.CHK
c:\found.001\FILE1166.CHK
c:\found.001\FILE1167.CHK
c:\found.001\FILE1168.CHK
c:\found.001\FILE1169.CHK
c:\found.001\FILE1170.CHK
c:\found.001\FILE1171.CHK
c:\found.001\FILE1172.CHK
c:\found.001\FILE1173.CHK
c:\found.001\FILE1174.CHK
c:\found.001\FILE1175.CHK
c:\found.001\FILE1176.CHK
c:\found.001\FILE1177.CHK
c:\found.001\FILE1178.CHK
c:\found.001\FILE1179.CHK
c:\found.001\FILE1180.CHK
c:\found.001\FILE1181.CHK
c:\found.001\FILE1182.CHK
c:\found.001\FILE1183.CHK
c:\found.001\FILE1184.CHK
c:\found.001\FILE1185.CHK
c:\found.001\FILE1186.CHK
c:\found.001\FILE1187.CHK
c:\found.001\FILE1188.CHK
c:\found.001\FILE1189.CHK
c:\found.001\FILE1190.CHK
c:\found.001\FILE1191.CHK
c:\found.001\FILE1192.CHK
c:\found.001\FILE1193.CHK
c:\found.001\FILE1194.CHK
c:\found.001\FILE1195.CHK
c:\found.001\FILE1196.CHK
c:\found.001\FILE1197.CHK
c:\found.001\FILE1198.CHK
c:\found.001\FILE1199.CHK
c:\found.001\FILE1200.CHK
c:\found.001\FILE1201.CHK
c:\found.001\FILE1202.CHK
c:\found.001\FILE1203.CHK
c:\found.001\FILE1204.CHK
c:\found.001\FILE1205.CHK
c:\found.001\FILE1206.CHK
c:\found.001\FILE1207.CHK
c:\found.001\FILE1208.CHK
c:\found.001\FILE1209.CHK
c:\found.001\FILE1210.CHK
c:\found.001\FILE1211.CHK
c:\found.001\FILE1212.CHK
c:\found.001\FILE1213.CHK
c:\found.001\FILE1214.CHK
c:\found.001\FILE1215.CHK
c:\found.001\FILE1216.CHK
c:\found.001\FILE1217.CHK
c:\found.001\FILE1218.CHK
c:\found.001\FILE1219.CHK
c:\found.001\FILE1220.CHK
c:\found.001\FILE1221.CHK
c:\found.001\FILE1222.CHK
c:\found.001\FILE1223.CHK
c:\found.001\FILE1224.CHK
c:\found.001\FILE1225.CHK
c:\found.001\FILE1226.CHK
c:\found.001\FILE1227.CHK
c:\found.001\FILE1228.CHK
c:\found.001\FILE1229.CHK
c:\found.001\FILE1230.CHK
c:\found.001\FILE1231.CHK
c:\found.001\FILE1232.CHK
c:\found.001\FILE1233.CHK
c:\found.001\FILE1234.CHK
c:\found.001\FILE1235.CHK
c:\found.001\FILE1236.CHK
c:\found.001\FILE1237.CHK
c:\found.001\FILE1238.CHK
c:\found.001\FILE1239.CHK
c:\found.001\FILE1240.CHK
c:\found.001\FILE1241.CHK
c:\found.001\FILE1242.CHK
c:\found.001\FILE1243.CHK
c:\found.001\FILE1244.CHK
c:\found.001\FILE1245.CHK
c:\found.001\FILE1246.CHK
c:\found.001\FILE1247.CHK
c:\found.001\FILE1248.CHK
c:\found.001\FILE1249.CHK
c:\found.001\FILE1250.CHK
c:\found.001\FILE1251.CHK
c:\found.001\FILE1252.CHK
c:\found.001\FILE1253.CHK
c:\found.001\FILE1254.CHK
c:\found.001\FILE1255.CHK

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.

2011-07-13 11:37 . 2011-07-13 11:37 -------- d-----w- c:\program files\Sunbelt Software
2009-12-26 18:32 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 18:32 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 14:00 . 2009-12-26 14:00 -------- d-----w- C:\rsit
2009-12-17 18:04 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-17 18:03 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-17 18:03 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-12-17 18:03 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-17 18:03 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-12-17 18:03 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-12-17 18:03 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 18:11 . 2011-11-01 08:04 1023738 ----a-w- c:\windows\system32\drivers\fwdrv.err
2009-11-23 15:55 . 2009-11-23 15:55 -------- d-----w- c:\program files\EPSON
2009-10-11 03:17 . 2008-11-12 14:12 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-28_18.35.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-29 12:34 . 2009-12-29 12:34 16384 c:\windows\Temp\Perflib_Perfdata_504.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ioCentre"="c:\program files\ioCentre\gTaskBar.exe" [2006-08-03 241664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"nod32kui"="d:\programy\Eset\nod32kui.exe" [2009-06-01 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:49 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\Power DVD\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Opera\\OPERA.EXE"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26. 4. 2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26. 4. 2007 10:21 72624]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\programy\Power DVD\PowerDVD8\000.fcl [1. 2. 2008 16:24 41456]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26. 4. 2007 10:21 1234480]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [15. 12. 2007 9:32 14848]
R3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [1. 11. 2007 13:49 17376]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [31. 10. 2007 21:18 16512]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [15. 12. 2007 9:32 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [15. 12. 2007 9:32 9984]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawltheinternet.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: &Download All with FlashGet - c:\documents and settings\Default User\Local Settings\Temp\flgpxtryd\jc_all.htm
IE: &Download with FlashGet - c:\documents and settings\Default User\Local Settings\Temp\flgpxtryd\jc_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\7yywoaki.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 19:53
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\programy\Power DVD\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\imon.dll
d:\programy\Eset\pr_imon.dll
.
Completion time: 2009-12-29 19:56:42
ComboFix-quarantined-files.txt 2009-12-29 18:56
ComboFix2.txt 2009-12-28 18:37

Pre-Run: 3 243 851 776
Post-Run: 3 221 192 704

- - End Of File - - 266515A198D7FC18114159118CF6D101

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my RSIT log,..

#8 Post by Roli »

Well done. Now go to Start >> Run and copy this into the box:

ComboFix /Uninstall

and press Enter.

This will uninstall ComboFix and delete its associated files and folders.

Then let me know whether there is still any problem with the PC.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

adabo
Visitor
Posts: 36
Joined: 02 Nov 2007 23:37

Re: Please check my RSIT log,..

#9 Post by adabo »

Thank you very much, the computer seems normal to me now, but I have a minor problem with my notebook this time. It has started freezing, not often, but today it has already frozen twice, and I would also like to ask for a check of the RSIT log from the notebook.

Logfile of random's system information tool 1.06 (written by random/random)
Run by ASUS at 2010-01-03 19:48:43
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 161 GB (88%) free of 183 GB
Total RAM: 1790 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:59, on 3. 1. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Programy\Sunbelt Kerio Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
D:\Programy\Adobe Acrobat 8 Pro\Acrobat\acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Programy\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programy\Opera\opera.exe
C:\Windows\system32\NOTEPAD.EXE
D:\RSIT.exe
C:\Program Files\trend micro\ASUS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\Programy\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Acrobat Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programy\Adobe Acrobat 8 Pro\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - D:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programy\HTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programy\HTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Pogramy\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Pogramy\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Programy\Sunbelt Kerio Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Programy\Sunbelt Kerio Personal Firewall\SbPFSvc.exe

--
End of file - 9456 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-27 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - D:\Programy\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-23 815104]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-25 13548064]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-25 92704]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-11 98304]
"Adobe Reader Speed Launcher"=D:\Programy\Acrobat Reader\Reader\Reader_sl.exe [2008-01-11 39792]
"Acrobat Assistant 8.0"=D:\Programy\Adobe Acrobat 8 Pro\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"WinampAgent"=D:\Programy\Winamp\winampa.exe [2009-07-01 37888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Pogramy\FlashGet Network\FlashGet universal\FlashGet.exe"="D:\Pogramy\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdate.exe"="D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a1b6dc-f0b8-11de-ab34-0023548441a9}]
shell\AutoRun\command - G:\Toshiba\more4you.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48bbac68-efae-11de-bc9f-0023548441a9}]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d9befb-dc84-11dd-8a3e-806e6f6e6963}]
shell\AutoRun\command - E:\autorun.exe
shell\dxinstall\command - E:\.\directx\dxsetup.exe
shell\readme\command - notepad readme.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec888428-dc43-11dd-b49e-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2010-01-03 19:48:44 ----D---- C:\Program Files\trend micro
2010-01-03 19:48:43 ----D---- C:\rsit
2010-01-03 19:19:45 ----D---- C:\Windows\system32\eu-ES
2010-01-03 19:19:45 ----D---- C:\Windows\system32\ca-ES
2010-01-03 19:19:37 ----D---- C:\Windows\system32\vi-VN
2010-01-03 19:00:20 ----D---- C:\Windows\system32\EventProviders
2009-12-31 23:27:40 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-12-31 23:27:40 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\xinput1_3.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xinput1_2.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xinput1_1.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-12-31 23:27:37 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-12-31 23:27:32 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-12-31 23:27:32 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-12-31 23:27:32 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-12-31 23:27:31 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-12-31 23:27:31 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-12-31 23:27:31 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-12-31 23:27:30 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-12-31 14:41:09 ----D---- C:\help
2009-12-24 19:26:48 ----D---- C:\ProgramData\McAfee
2009-12-22 17:52:47 ----A---- C:\Windows\system32\javaws.exe
2009-12-22 17:52:47 ----A---- C:\Windows\system32\javaw.exe
2009-12-22 17:52:47 ----A---- C:\Windows\system32\java.exe
2009-12-21 20:13:01 ----A---- C:\Windows\system32\msvcr70.dll
2009-12-21 20:12:54 ----A---- C:\Windows\system32\NCTWMAFile2.dll
2009-12-21 20:12:54 ----A---- C:\Windows\system32\NCTAudioTransform2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioRecord2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioInformation2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioEditor2.dll
2009-12-21 19:25:33 ----D---- C:\Program Files\coolpro2
2009-12-10 10:08:37 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 10:08:35 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 10:08:29 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 10:08:28 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 10:08:24 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-10 10:08:19 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 10:08:13 ----A---- C:\Windows\system32\ieencode.dll
2009-12-10 09:49:22 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 09:45:04 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 09:44:59 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 11:40:36 ----A---- C:\Windows\system32\rastls.dll

======List of files/folders modified in the last 1 months======

2010-01-03 19:48:50 ----D---- C:\Windows\Temp
2010-01-03 19:48:44 ----RD---- C:\Program Files
2010-01-03 19:41:29 ----D---- C:\Windows\rescache
2010-01-03 19:38:37 ----D---- C:\Windows\Microsoft.NET
2010-01-03 19:38:15 ----RSD---- C:\Windows\assembly
2010-01-03 19:31:41 ----D---- C:\Windows\System32
2010-01-03 19:31:41 ----D---- C:\Windows\inf
2010-01-03 19:31:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-03 19:29:26 ----D---- C:\ProgramData\NVIDIA
2010-01-03 19:28:17 ----D---- C:\Windows\system32\drivers
2010-01-03 19:28:10 ----D---- C:\Windows
2010-01-03 19:28:06 ----D---- C:\Windows\system32\catroot
2010-01-03 19:28:01 ----SHD---- C:\Boot
2010-01-03 19:27:53 ----D---- C:\Windows\Tasks
2010-01-03 19:21:58 ----D---- C:\Program Files\Windows Calendar
2010-01-03 19:21:57 ----D---- C:\Program Files\Movie Maker
2010-01-03 19:21:55 ----D---- C:\Program Files\Windows Sidebar
2010-01-03 19:21:54 ----D---- C:\Program Files\Windows Mail
2010-01-03 19:21:54 ----D---- C:\Program Files\Internet Explorer
2010-01-03 19:21:53 ----D---- C:\Program Files\Windows Media Player
2010-01-03 19:21:52 ----D---- C:\Program Files\Windows Collaboration
2010-01-03 19:21:51 ----D---- C:\Program Files\Windows Journal
2010-01-03 19:21:48 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-03 19:21:48 ----D---- C:\Program Files\Common Files\System
2010-01-03 19:21:34 ----D---- C:\Windows\servicing
2010-01-03 19:21:34 ----D---- C:\Program Files\Windows Defender
2010-01-03 19:21:31 ----D---- C:\Windows\ehome
2010-01-03 19:21:15 ----D---- C:\Windows\IME
2010-01-03 19:21:14 ----D---- C:\Windows\system32\XPSViewer
2010-01-03 19:21:13 ----D---- C:\Windows\system32\lv-LV
2010-01-03 19:21:13 ----D---- C:\Windows\system32\hr-HR
2010-01-03 19:21:13 ----D---- C:\Windows\system32\et-EE
2010-01-03 19:21:13 ----D---- C:\Windows\system32\da-DK
2010-01-03 19:21:12 ----D---- C:\Windows\system32\sk-SK
2010-01-03 19:21:12 ----D---- C:\Windows\system32\ko-KR
2010-01-03 19:21:12 ----D---- C:\Windows\system32\en-US
2010-01-03 19:21:11 ----D---- C:\Windows\system32\oobe
2010-01-03 19:21:11 ----D---- C:\Windows\system32\it-IT
2010-01-03 19:21:11 ----D---- C:\Windows\system32\el-GR
2010-01-03 19:21:11 ----D---- C:\Windows\system32\de-DE
2010-01-03 19:21:10 ----D---- C:\Windows\system32\migration
2010-01-03 19:21:05 ----D---- C:\Windows\system32\sv-SE
2010-01-03 19:21:05 ----D---- C:\Windows\system32\SLUI
2010-01-03 19:21:05 ----D---- C:\Windows\system32\setup
2010-01-03 19:21:05 ----D---- C:\Windows\system32\ru-RU
2010-01-03 19:21:05 ----D---- C:\Windows\system32\pt-PT
2010-01-03 19:21:05 ----D---- C:\Windows\system32\hu-HU
2010-01-03 19:21:05 ----D---- C:\Windows\system32\he-IL
2010-01-03 19:21:05 ----D---- C:\Windows\system32\fr-FR
2010-01-03 19:21:05 ----D---- C:\Windows\system32\fi-FI
2010-01-03 19:21:05 ----D---- C:\Windows\system32\cs-CZ
2010-01-03 19:21:05 ----D---- C:\Windows\system32\AdvancedInstallers
2010-01-03 19:21:04 ----D---- C:\Windows\system32\zh-TW
2010-01-03 19:21:04 ----D---- C:\Windows\system32\zh-CN
2010-01-03 19:21:04 ----D---- C:\Windows\system32\uk-UA
2010-01-03 19:21:04 ----D---- C:\Windows\system32\th-TH
2010-01-03 19:21:04 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-03 19:21:04 ----D---- C:\Windows\system32\sl-SI
2010-01-03 19:21:04 ----D---- C:\Windows\system32\ro-RO
2010-01-03 19:21:04 ----D---- C:\Windows\system32\pl-PL
2010-01-03 19:21:04 ----D---- C:\Windows\system32\manifeststore
2010-01-03 19:21:04 ----D---- C:\Windows\system32\ja-JP
2010-01-03 19:21:04 ----D---- C:\Windows\system32\es-ES
2010-01-03 19:21:04 ----D---- C:\Windows\system32\en
2010-01-03 19:21:04 ----D---- C:\Windows\system32\bg-BG
2010-01-03 19:21:00 ----D---- C:\Windows\system32\wbem
2010-01-03 19:21:00 ----D---- C:\Windows\system32\tr-TR
2010-01-03 19:20:58 ----D---- C:\Windows\system32\nl-NL
2010-01-03 19:20:58 ----D---- C:\Windows\system32\nb-NO
2010-01-03 19:20:58 ----D---- C:\Windows\system32\lt-LT
2010-01-03 19:20:58 ----D---- C:\Windows\system32\ar-SA
2010-01-03 19:20:57 ----D---- C:\Windows\system32\pt-BR
2010-01-03 19:20:57 ----D---- C:\Windows\system32\migwiz
2010-01-03 19:19:52 ----RSD---- C:\Windows\Fonts
2010-01-03 19:19:51 ----D---- C:\Windows\AppPatch
2010-01-03 19:19:37 ----D---- C:\Windows\system32\Boot
2010-01-03 19:13:12 ----D---- C:\Windows\winsxs
2010-01-03 19:03:06 ----SHD---- C:\System Volume Information
2010-01-03 12:20:59 ----D---- C:\Users\ASUS\AppData\Roaming\Winamp
2010-01-02 21:01:12 ----D---- C:\ProgramData\Google Updater
2010-01-02 12:08:58 ----D---- C:\Windows\Prefetch
2010-01-01 20:48:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-01 20:46:05 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-01 01:33:58 ----SHD---- C:\Windows\Installer
2010-01-01 01:31:45 ----AD---- C:\ProgramData\TEMP
2009-12-26 14:34:23 ----D---- C:\Windows\system32\catroot2
2009-12-26 14:31:11 ----D---- C:\Temp
2009-12-26 14:28:11 ----HD---- C:\ProgramData
2009-12-26 14:22:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-26 14:22:49 ----D---- C:\Windows\Debug
2009-12-25 20:34:43 ----D---- C:\Windows\system32\WDI
2009-12-25 13:05:32 ----D---- C:\Program Files\Google
2009-12-23 17:12:52 ----D---- C:\Users\ASUS\AppData\Roaming\Vso
2009-12-22 17:53:20 ----D---- C:\Windows\system32\Tasks
2009-12-22 17:52:41 ----D---- C:\Program Files\Java
2009-12-05 23:38:57 ----A---- C:\Windows\NeroDigital.ini
2009-12-04 19:04:52 ----D---- C:\Download

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-05 908800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-25 7547552]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-23 181304]
R3 WCPU;WCPU; \??\C:\Program Files\P4G\WCPU.sys [2007-01-02 11120]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 arb90588;arb90588; C:\Windows\system32\drivers\arb90588.sys []
S3 Asushwio;Asushwio; \??\C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 10288]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-01-23 14656]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-19 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-06-18 34064]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\Windows\system32\DRIVERS\irstusb.sys [2008-01-19 30208]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-25 196608]
R2 SbPF.Launcher;SbPF.Launcher; D:\Programy\Sunbelt Kerio Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; D:\Programy\Sunbelt Kerio Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-01 654848]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 183280]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\Windows\system32\regedt32.exe [2006-11-02 9216]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 NBService;NBService; D:\Programy\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []

-----------------EOF-----------------
Last edited by adabo on 04 Jan 2010 11:01, edited 2 times in total.

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my RSIT log,..

#10 Post by Roli »

OK, I'll help you with the notebook as well, but first you will get rid of that CRACKED NOD

and get yourself one of the free antiviruses, if you don't want to pay for it, OK.

Then you'll post a current RSIT log here for me.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

adabo
Visitor
Posts: 36
Joined: 02 Nov 2007 23:37

Re: Please check my RSIT log,..

#11 Post by adabo »

Can it be avast as well?

Logfile of random's system information tool 1.06 (written by random/random)
Run by ASUS at 2010-01-04 11:12:50
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 160 GB (87%) free of 183 GB
Total RAM: 1790 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:58, on 4. 1. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
D:\Programy\Acrobat Reader\Reader\reader_sl.exe
D:\Programy\Adobe Acrobat 8 Pro\Acrobat\acrotray.exe
D:\Programy\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Programy\Sunbelt Kerio Personal Firewall\SbPFCl.exe
D:\Programy\Adobe Acrobat 8 Pro\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\RSIT.exe
C:\Program Files\trend micro\ASUS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\Programy\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Acrobat Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programy\Adobe Acrobat 8 Pro\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - D:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programy\HTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programy\HTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Pogramy\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Pogramy\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Programy\Sunbelt Kerio Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Programy\Sunbelt Kerio Personal Firewall\SbPFSvc.exe

--
End of file - 9679 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Programy\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-27 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - D:\Programy\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-23 815104]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-25 13548064]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-25 92704]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-11 98304]
"Adobe Reader Speed Launcher"=D:\Programy\Acrobat Reader\Reader\Reader_sl.exe [2008-01-11 39792]
"Acrobat Assistant 8.0"=D:\Programy\Adobe Acrobat 8 Pro\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"WinampAgent"=D:\Programy\Winamp\winampa.exe [2009-07-01 37888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avast!"=D:\Programy\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Pogramy\FlashGet Network\FlashGet universal\FlashGet.exe"="D:\Pogramy\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdate.exe"="D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="D:\Pogramy\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a1b6dc-f0b8-11de-ab34-0023548441a9}]
shell\AutoRun\command - G:\Toshiba\more4you.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48bbac68-efae-11de-bc9f-0023548441a9}]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50d9befb-dc84-11dd-8a3e-806e6f6e6963}]
shell\AutoRun\command - E:\autorun.exe
shell\dxinstall\command - E:\.\directx\dxsetup.exe
shell\readme\command - notepad readme.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec888428-dc43-11dd-b49e-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2010-01-04 11:12:50 ----D---- C:\rsit
2010-01-04 11:09:12 ----D---- C:\Program Files\Windows Portable Devices
2010-01-04 11:07:07 ----A---- C:\Windows\system32\UIAnimation.dll
2010-01-04 11:07:06 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-01-04 11:07:06 ----A---- C:\Windows\system32\UIRibbon.dll
2010-01-04 11:06:39 ----A---- C:\Windows\system32\WMPhoto.dll
2010-01-04 11:06:38 ----A---- C:\Windows\system32\cdd.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\dxdiagn.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\d3d10warp.dll
2010-01-04 11:06:37 ----A---- C:\Windows\system32\d2d1.dll
2010-01-04 11:06:36 ----A---- C:\Windows\system32\xpsservices.dll
2010-01-04 11:06:36 ----A---- C:\Windows\system32\XpsPrint.dll
2010-01-04 11:06:36 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-01-04 11:06:36 ----A---- C:\Windows\system32\OpcServices.dll
2010-01-04 11:06:36 ----A---- C:\Windows\system32\FntCache.dll
2010-01-04 11:06:36 ----A---- C:\Windows\system32\dxdiag.exe
2010-01-04 11:06:35 ----A---- C:\Windows\system32\dxgi.dll
2010-01-04 11:06:35 ----A---- C:\Windows\system32\DWrite.dll
2010-01-04 11:06:35 ----A---- C:\Windows\system32\d3d11.dll
2010-01-04 11:06:35 ----A---- C:\Windows\system32\d3d10level9.dll
2010-01-04 11:06:35 ----A---- C:\Windows\system32\d3d10core.dll
2010-01-04 11:06:35 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-01-04 11:06:35 ----A---- C:\Windows\system32\d3d10_1.dll
2010-01-04 11:06:35 ----A---- C:\Windows\system32\d3d10.dll
2010-01-04 11:06:08 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-01-04 11:06:08 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-01-04 11:06:07 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-01-04 11:06:03 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-01-04 11:06:01 ----A---- C:\Windows\system32\WpdMtpUS.dll
2010-01-04 11:06:01 ----A---- C:\Windows\system32\WpdConns.dll
2010-01-04 11:06:00 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-01-04 11:06:00 ----A---- C:\Windows\system32\wpdshext.dll
2010-01-04 11:06:00 ----A---- C:\Windows\system32\wpd_ci.dll
2010-01-04 11:05:59 ----A---- C:\Windows\system32\WPDSp.dll
2010-01-04 11:05:59 ----A---- C:\Windows\system32\WpdMtp.dll
2010-01-04 11:05:59 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-01-04 11:05:59 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-01-04 11:05:59 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-01-04 11:05:59 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-01-04 11:05:00 ----A---- C:\Windows\system32\oleaccrc.dll
2010-01-04 11:04:59 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-01-04 11:04:59 ----A---- C:\Windows\system32\oleacc.dll
2010-01-03 23:33:41 ----D---- C:\Users\ASUS\AppData\Roaming\Audacity
2010-01-03 23:01:26 ----A---- C:\Windows\system32\aswBoot.exe
2010-01-03 19:48:44 ----D---- C:\Program Files\trend micro
2010-01-03 19:19:45 ----D---- C:\Windows\system32\eu-ES
2010-01-03 19:19:45 ----D---- C:\Windows\system32\ca-ES
2010-01-03 19:19:37 ----D---- C:\Windows\system32\vi-VN
2010-01-03 19:00:20 ----D---- C:\Windows\system32\EventProviders
2009-12-31 23:27:40 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-12-31 23:27:40 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\xinput1_3.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-12-31 23:27:39 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xinput1_2.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xinput1_1.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-12-31 23:27:38 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-12-31 23:27:37 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-12-31 23:27:32 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-12-31 23:27:32 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-12-31 23:27:32 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-12-31 23:27:31 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-12-31 23:27:31 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-12-31 23:27:31 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-12-31 23:27:30 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-12-31 14:41:09 ----D---- C:\help
2009-12-24 19:26:48 ----D---- C:\ProgramData\McAfee
2009-12-22 17:52:47 ----A---- C:\Windows\system32\javaws.exe
2009-12-22 17:52:47 ----A---- C:\Windows\system32\javaw.exe
2009-12-22 17:52:47 ----A---- C:\Windows\system32\java.exe
2009-12-21 20:13:01 ----A---- C:\Windows\system32\msvcr70.dll
2009-12-21 20:12:54 ----A---- C:\Windows\system32\NCTWMAFile2.dll
2009-12-21 20:12:54 ----A---- C:\Windows\system32\NCTAudioTransform2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioRecord2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioInformation2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2009-12-21 20:12:53 ----A---- C:\Windows\system32\NCTAudioEditor2.dll
2009-12-21 19:25:33 ----D---- C:\Program Files\coolpro2
2009-12-10 10:08:37 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 10:08:35 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 10:08:29 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 10:08:28 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 10:08:24 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-10 10:08:19 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 10:08:13 ----A---- C:\Windows\system32\ieencode.dll
2009-12-10 09:49:22 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 09:45:04 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 09:44:59 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 11:40:36 ----A---- C:\Windows\system32\rastls.dll

======List of files/folders modified in the last 1 months======

2010-01-04 11:12:50 ----D---- C:\Windows\Temp
2010-01-04 11:11:58 ----D---- C:\Windows\system32\Tasks
2010-01-04 11:11:48 ----D---- C:\Windows\system32\drivers
2010-01-04 11:09:17 ----D---- C:\Windows
2010-01-04 11:09:12 ----RD---- C:\Program Files
2010-01-04 11:09:12 ----D---- C:\Windows\system32\wbem
2010-01-04 11:09:12 ----D---- C:\Windows\system32\sk-SK
2010-01-04 11:09:12 ----D---- C:\Windows\System32
2010-01-04 11:09:10 ----D---- C:\Windows\system32\zh-TW
2010-01-04 11:09:10 ----D---- C:\Windows\system32\zh-HK
2010-01-04 11:09:10 ----D---- C:\Windows\system32\zh-CN
2010-01-04 11:09:10 ----D---- C:\Windows\system32\uk-UA
2010-01-04 11:09:10 ----D---- C:\Windows\system32\tr-TR
2010-01-04 11:09:10 ----D---- C:\Windows\system32\th-TH
2010-01-04 11:09:10 ----D---- C:\Windows\system32\sv-SE
2010-01-04 11:09:10 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-04 11:09:10 ----D---- C:\Windows\system32\sl-SI
2010-01-04 11:09:10 ----D---- C:\Windows\system32\ru-RU
2010-01-04 11:09:10 ----D---- C:\Windows\system32\ro-RO
2010-01-04 11:09:10 ----D---- C:\Windows\system32\pt-PT
2010-01-04 11:09:10 ----D---- C:\Windows\system32\pt-BR
2010-01-04 11:09:10 ----D---- C:\Windows\system32\pl-PL
2010-01-04 11:09:10 ----D---- C:\Windows\system32\nl-NL
2010-01-04 11:09:10 ----D---- C:\Windows\system32\nb-NO
2010-01-04 11:09:10 ----D---- C:\Windows\system32\lv-LV
2010-01-04 11:09:10 ----D---- C:\Windows\system32\lt-LT
2010-01-04 11:09:10 ----D---- C:\Windows\system32\ko-KR
2010-01-04 11:09:10 ----D---- C:\Windows\system32\ja-JP
2010-01-04 11:09:10 ----D---- C:\Windows\system32\it-IT
2010-01-04 11:09:10 ----D---- C:\Windows\system32\hu-HU
2010-01-04 11:09:10 ----D---- C:\Windows\system32\hr-HR
2010-01-04 11:09:10 ----D---- C:\Windows\system32\he-IL
2010-01-04 11:09:10 ----D---- C:\Windows\system32\fr-FR
2010-01-04 11:09:10 ----D---- C:\Windows\system32\fi-FI
2010-01-04 11:09:10 ----D---- C:\Windows\system32\et-EE
2010-01-04 11:09:10 ----D---- C:\Windows\system32\es-ES
2010-01-04 11:09:10 ----D---- C:\Windows\system32\en-US
2010-01-04 11:09:10 ----D---- C:\Windows\system32\el-GR
2010-01-04 11:09:10 ----D---- C:\Windows\system32\de-DE
2010-01-04 11:09:10 ----D---- C:\Windows\system32\da-DK
2010-01-04 11:09:10 ----D---- C:\Windows\system32\cs-CZ
2010-01-04 11:09:10 ----D---- C:\Windows\system32\bg-BG
2010-01-04 11:09:10 ----D---- C:\Windows\system32\ar-SA
2010-01-04 11:09:09 ----D---- C:\Windows\inf
2010-01-04 11:08:17 ----D---- C:\Windows\Microsoft.NET
2010-01-04 11:08:16 ----RSD---- C:\Windows\assembly
2010-01-04 11:07:17 ----D---- C:\Windows\winsxs
2010-01-04 11:07:16 ----D---- C:\Windows\system32\catroot
2010-01-04 11:06:55 ----D---- C:\Windows\system32\catroot2
2010-01-04 11:04:11 ----D---- C:\Windows\Tasks
2010-01-04 11:03:53 ----SHD---- C:\System Volume Information
2010-01-04 10:27:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-03 23:05:54 ----SD---- C:\ProgramData\Microsoft
2010-01-03 22:56:27 ----SHD---- C:\Windows\Installer
2010-01-03 22:52:04 ----AD---- C:\ProgramData\TEMP
2010-01-03 22:02:13 ----D---- C:\ProgramData\Google Updater
2010-01-03 19:41:29 ----D---- C:\Windows\rescache
2010-01-03 19:29:26 ----D---- C:\ProgramData\NVIDIA
2010-01-03 19:28:01 ----SHD---- C:\Boot
2010-01-03 19:21:58 ----D---- C:\Program Files\Windows Calendar
2010-01-03 19:21:57 ----D---- C:\Program Files\Movie Maker
2010-01-03 19:21:55 ----D---- C:\Program Files\Windows Sidebar
2010-01-03 19:21:54 ----D---- C:\Program Files\Windows Mail
2010-01-03 19:21:54 ----D---- C:\Program Files\Internet Explorer
2010-01-03 19:21:53 ----D---- C:\Program Files\Windows Media Player
2010-01-03 19:21:52 ----D---- C:\Program Files\Windows Collaboration
2010-01-03 19:21:51 ----D---- C:\Program Files\Windows Journal
2010-01-03 19:21:48 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-03 19:21:48 ----D---- C:\Program Files\Common Files\System
2010-01-03 19:21:34 ----D---- C:\Windows\servicing
2010-01-03 19:21:34 ----D---- C:\Program Files\Windows Defender
2010-01-03 19:21:31 ----D---- C:\Windows\ehome
2010-01-03 19:21:15 ----D---- C:\Windows\IME
2010-01-03 19:21:14 ----D---- C:\Windows\system32\XPSViewer
2010-01-03 19:21:11 ----D---- C:\Windows\system32\oobe
2010-01-03 19:21:10 ----D---- C:\Windows\system32\migration
2010-01-03 19:21:05 ----D---- C:\Windows\system32\SLUI
2010-01-03 19:21:05 ----D---- C:\Windows\system32\setup
2010-01-03 19:21:05 ----D---- C:\Windows\system32\AdvancedInstallers
2010-01-03 19:21:04 ----D---- C:\Windows\system32\manifeststore
2010-01-03 19:21:04 ----D---- C:\Windows\system32\en
2010-01-03 19:20:57 ----D---- C:\Windows\system32\migwiz
2010-01-03 19:19:52 ----RSD---- C:\Windows\Fonts
2010-01-03 19:19:51 ----D---- C:\Windows\AppPatch
2010-01-03 19:19:37 ----D---- C:\Windows\system32\Boot
2010-01-03 12:20:59 ----D---- C:\Users\ASUS\AppData\Roaming\Winamp
2010-01-02 12:08:58 ----D---- C:\Windows\Prefetch
2010-01-01 20:48:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-01 20:46:05 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-26 14:31:11 ----D---- C:\Temp
2009-12-26 14:28:11 ----HD---- C:\ProgramData
2009-12-26 14:22:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-26 14:22:49 ----D---- C:\Windows\Debug
2009-12-25 20:34:43 ----D---- C:\Windows\system32\WDI
2009-12-25 13:05:32 ----D---- C:\Program Files\Google
2009-12-23 17:12:52 ----D---- C:\Users\ASUS\AppData\Roaming\Vso
2009-12-22 17:52:41 ----D---- C:\Program Files\Java
2009-12-05 23:38:57 ----A---- C:\Windows\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-05 908800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-25 7547552]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-23 181304]
R3 WCPU;WCPU; \??\C:\Program Files\P4G\WCPU.sys [2007-01-02 11120]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 aemv1013;aemv1013; C:\Windows\system32\drivers\aemv1013.sys []
S3 Asushwio;Asushwio; \??\C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 10288]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-01-23 14656]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-19 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-06-18 34064]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\Windows\system32\DRIVERS\irstusb.sys [2008-01-19 30208]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; D:\Programy\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-25 196608]
R2 SbPF.Launcher;SbPF.Launcher; D:\Programy\Sunbelt Kerio Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; D:\Programy\Sunbelt Kerio Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Programy\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; D:\Programy\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-01 654848]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 183280]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\Windows\system32\regedt32.exe [2006-11-02 9216]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; D:\Programy\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my RSIT log,..

#12 Post by Roli »

Avast can stay, no problem.

Fix these in HJT:

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Acrobat Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programy\Adobe Acrobat 8 Pro\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Programy\Adobe Acrobat 8 Pro\Acrobat\AdobeCollabSync.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Pogramy\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Pogramy\FlashGet\flashget.exe (file missing)



You will find HJT here:

C:\Program Files\trend micro\ASUS

"Fix" means that you launch HJT,

in the window that opens click Do a system scan only,

in the next window find the lines I listed for you,

next to each of them is a small box; tick it,

then click Fix checked at the bottom left,

the program will ask whether you really want to do this; you of course agree with YES and that is it.


Delete unneeded files

using CCleaner

instructions:

the Cleaner item - here you clean the PC of unneeded files and empty the Recycle Bin

the Registry item - here you clean the registry; before using it I recommend making the backup that CCleaner offers,

the registry cleaning needs to be repeated several times!


Defragment the disk either with the built-in Windows tool,

or with another application, for example Defraggler


Download and run OTMoveIt

into the left window of the application, under Paste Instructions for Items to be Moved, copy this text:

Code:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp

:services
NOD32FiXTemDono

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and information about the performed action will appear in the green window on the right of the application; copy the contents of that window here,

if the application asks for a restart, click YES

in that case I want the contents of the log saved in C:\_OTMoveIt\MovedFiles\ posted here
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

adabo
Visitor
Posts: 36
Registered: 02 Nov 2007 23:37

Re: Please check my RSIT log,..

#13 Post by adabo »

I did everything, here is the log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== SERVICES/DRIVERS ==========
Service NOD32FiXTemDono stopped successfully!
Service NOD32FiXTemDono deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ASUS
->Temp folder emptied: 11045272 bytes
->Temporary Internet Files folder emptied: 66934 bytes
->Java cache emptied: 44921713 bytes
->FireFox cache emptied: 61325290 bytes
->Opera cache emptied: 6301939 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 775 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 300 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 118,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01052010_143153

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my RSIT log,..

#14 Post by Roli »

Great, now use Mbam from my signature.
| Rsit | Mbam | AVPTool | Cure It |

adabo
Visitor
Posts: 36
Registered: 02 Nov 2007 23:37

Re: Please check my RSIT log,..

#15 Post by adabo »

Malwarebytes' Anti-Malware 1.43
Verzia databázy: 3497
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5. 1. 2010 22:21:16
mbam-log-2010-01-05 (22-21-16).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 96671
Uplynutý cas: 6 minute(s), 34 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)
