Virus

#1 Post by GIGN1987 »

Hi,

I need to know how to find out the name of the virus and how to remove it. The symptoms are that at system startup a window keeps appearing with the message "Program To6m5W8F has stopped working", and the second symptom is that Task Manager cannot be started: the Ctrl+Shift+Esc shortcut does not work, and if I type "task" into the Start menu and choose "View running processes with Task Manager", an error window appears with the message "Task Manager has been disabled by your administrator". The third symptom is that the PC regularly refuses to boot, and when I choose Startup Repair it offers me System Restore, so I run it, the PC starts up, and after about two days the same thing happens again. I am sure I have a virus, I just don't know how to get rid of it. The licence for Eset is not working, they blocked it, so that one is out. I have Win 7 Pro 64-bit.

The log is here:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Stanislav Čukan at 2011-07-24 20:42:22
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 428 GB (70%) free of 610 GB
Total RAM: 4094 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:42:30, on 24. 7. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Stanislav Čukan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Component] "C:\Program Files (x86)\Common Files\audiohdAq84.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stanislav Čukan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [googletalk] C:\Users\Stanislav Čukan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-909896920-3555253570-2769916010-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-909896920-3555253570-2769916010-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{240C1E90-8F4D-4937-8AA8-563B09FF9BE4}: NameServer = 208.67.220.220,208.67.220.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{240C1E90-8F4D-4937-8AA8-563B09FF9BE4}: NameServer = 208.67.220.220,208.67.220.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{240C1E90-8F4D-4937-8AA8-563B09FF9BE4}: NameServer = 208.67.220.220,208.67.220.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12132 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Users\Stanislav Čukan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9028185a-852d-4196-b5ae-d802488d0298 -SystemEventPortName:HostProcess-a18729c8-b95c-439f-93df-f9cfdba42e56 -IoCancelEventPortName:HostProcess-607aa78a-2453-489e-b2bd-425f9d98ee9f -NonStateChangingEventPortName:HostProcess-1df9a09e-01eb-4d06-8966-d1418f0bf134 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:47aa7e39-7fa8-4bb4-9fc5-e452e4207df5
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\ehome\ehRecvr.exe
"C:\Windows\system32\msconfig.exe"
C:\Windows\ehome\mcGlidHost.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.03169578.696872908 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.00807860.607687713 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.00807C30.195902380 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.03192E80.1184773132 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0318C1E0.1090012271 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0318C6E8.1913650343 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320A670.1230529839 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320CA40.276840022 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320CF60.345862372 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320D0E8.1316155305 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320D270.835245384 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320D3F8.2081086746 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320D580.1772610562 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320D708.479043047 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320D890.473802155 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320DA18.472987991 /prefetch:3 --ignored=" --type=renderer "
C:\Windows\system32\rundll32.exe "C:\Users\STANIS~1\AppData\Local\Google\Chrome\APPLIC~1\120742~1.122\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll" --lang=sk --channel=3500.096AF158.783278027 /prefetch:4 --flash-broker=3144
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel=3500.094741F8.1924074213 /prefetch:12
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 600 604 612 65536 608
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=sk --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320EC78.1664297050 /prefetch:3
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=sk --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3500.0320DEB0.602422740 /prefetch:3
"C:\Users\Stanislav Čukan\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-909896920-3555253570-2769916010-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-909896920-3555253570-2769916010-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-04-22 500208]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Stanislav Čukan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 136176]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"googletalk"=C:\Users\Stanislav Čukan\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-07-23 2937528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
file:///C:/Users/Stanislav Čukan/Documents/Rainmeter/Skins/rainmeter by Alex/Installer_Must_Run_First.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null]
file:///C:/Users/Stanislav Čukan/Documents/Rainmeter/Skins/rainmeter by Alex/Installer_Must_Run_First.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-06-07 40376]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"High Definition Audio Component"=C:\Program Files (x86)\Common Files\audiohdAq84.exe [2011-06-23 167936]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamersFirst LIVE!.lnk - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="acaptuser64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 275360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-24 20:42:23 ----D---- C:\Program Files\trend micro
2011-07-24 20:42:22 ----D---- C:\rsit
2011-07-23 18:23:57 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Mozilla
2011-07-23 17:12:43 ----D---- C:\ProgramData\PMB Files
2011-07-23 17:12:40 ----D---- C:\Program Files (x86)\Pando Networks
2011-07-23 17:12:24 ----D---- C:\Program Files (x86)\GamersFirst
2011-07-18 18:11:39 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Google
2011-07-17 10:33:27 ----D---- C:\android
2011-07-14 23:05:24 ----D---- C:\ProgramData\Genie-Soft
2011-07-14 23:04:09 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Genie-Soft
2011-07-14 23:04:03 ----D---- C:\Program Files (x86)\Genie-Soft
2011-07-13 17:25:03 ----A---- C:\Windows\system32\nvsvcr.dll
2011-07-13 17:25:03 ----A---- C:\Windows\system32\easyupdatusapiu64.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 16:55:31 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 16:55:31 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 16:55:23 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 16:55:23 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 16:55:23 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 16:55:23 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 16:55:23 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 16:55:22 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 16:55:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 16:55:22 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 16:55:21 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-13 16:55:19 ----A---- C:\Windows\system32\win32k.sys
2011-07-06 22:47:11 ----D---- C:\Program Files (x86)\Wieser Software Ltd
2011-07-05 20:15:42 ----A---- C:\ProgramData\syshost.exe
2011-07-05 20:00:08 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Rainmeter
2011-07-05 19:59:55 ----D---- C:\Program Files\Rainmeter
2011-07-01 08:50:57 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2011-07-01 08:49:58 ----A---- C:\Windows\SYSWOW64\acaptuser32.dll
2011-06-30 14:32:58 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-06-30 14:32:58 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-30 14:32:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-06-30 14:32:57 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-06-30 14:32:57 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-06-30 14:32:57 ----A---- C:\Windows\system32\jscript9.dll
2011-06-30 14:32:57 ----A---- C:\Windows\system32\ieui.dll
2011-06-30 14:32:57 ----A---- C:\Windows\system32\iertutil.dll
2011-06-30 14:32:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-06-30 14:32:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-06-30 14:32:56 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-06-30 14:32:56 ----A---- C:\Windows\system32\urlmon.dll
2011-06-30 14:32:56 ----A---- C:\Windows\system32\jscript.dll
2011-06-30 14:32:54 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-06-30 14:32:54 ----A---- C:\Windows\system32\mshtml.dll
2011-06-30 14:32:53 ----A---- C:\Windows\system32\ieframe.dll
2011-06-30 14:24:57 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-06-30 14:24:57 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-06-30 14:24:57 ----A---- C:\Windows\SYSWOW64\java.exe
2011-06-30 14:23:01 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-30 14:23:01 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-30 14:22:59 ----A---- C:\Windows\system32\tquery.dll
2011-06-30 14:22:59 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-30 14:22:59 ----A---- C:\Windows\system32\mssrch.dll
2011-06-30 14:22:58 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-30 14:22:58 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-30 14:22:58 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-30 14:22:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-30 14:22:57 ----A---- C:\Windows\system32\mssvp.dll
2011-06-30 14:22:57 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-30 14:22:57 ----A---- C:\Windows\system32\mssph.dll
2011-06-30 14:22:56 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-30 14:22:56 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-30 14:22:56 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-30 14:22:56 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-30 14:22:52 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-30 14:22:52 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-30 14:22:52 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-30 14:22:51 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-30 14:22:51 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-30 14:22:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-30 14:22:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-30 14:22:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-30 14:22:44 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-06-30 14:22:44 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-30 14:22:43 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-06-30 14:22:43 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-30 14:22:40 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-30 14:22:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-30 14:22:40 ----A---- C:\Windows\system32\drivers\srv.sys

======List of files/folders modified in the last 1 month======

2011-07-24 20:42:30 ----D---- C:\Windows\Temp
2011-07-24 20:42:30 ----D---- C:\Windows\Prefetch
2011-07-24 20:42:23 ----RD---- C:\Program Files
2011-07-24 20:13:59 ----D---- C:\Windows\System32
2011-07-24 20:13:59 ----D---- C:\Windows\inf
2011-07-24 20:13:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-24 20:07:46 ----D---- C:\Windows\system32\config
2011-07-24 18:54:32 ----D---- C:\Windows\Tasks
2011-07-24 18:54:32 ----D---- C:\Windows\SysWOW64
2011-07-24 18:54:32 ----D---- C:\Windows\system32\wfp
2011-07-24 18:54:32 ----D---- C:\Windows\system32\wbem
2011-07-24 18:54:32 ----D---- C:\Windows\system32\DriverStore
2011-07-24 18:54:32 ----D---- C:\Windows\system32\catroot2
2011-07-24 18:54:32 ----D---- C:\Windows
2011-07-24 18:54:31 ----SHD---- C:\Windows\Installer
2011-07-24 18:54:31 ----D---- C:\Windows\system32\CodeIntegrity
2011-07-24 18:54:30 ----D---- C:\Windows\AppCompat
2011-07-24 18:54:29 ----D---- C:\Windows\registration
2011-07-24 18:54:28 ----D---- C:\Windows\winsxs
2011-07-24 18:53:08 ----SHD---- C:\System Volume Information
2011-07-24 18:12:41 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\ICQ
2011-07-23 17:12:43 ----HD---- C:\ProgramData
2011-07-23 17:12:40 ----RD---- C:\Program Files (x86)
2011-07-23 12:53:36 ----RD---- C:\Users
2011-07-23 09:26:13 ----D---- C:\Windows\system32\LogFiles
2011-07-18 18:12:49 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Skype
2011-07-18 18:08:48 ----D---- C:\ProgramData\Easybits GO
2011-07-18 17:48:48 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\go
2011-07-17 20:19:11 ----D---- C:\ProgramData\Skype Extras
2011-07-14 23:32:53 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\uTorrent
2011-07-13 17:27:46 ----D---- C:\Windows\AppPatch
2011-07-13 17:26:17 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 17:25:43 ----D---- C:\ProgramData\NVIDIA
2011-07-13 17:25:09 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-07-13 17:25:08 ----D---- C:\Program Files\NVIDIA Corporation
2011-07-13 17:24:29 ----D---- C:\Windows\system32\drivers
2011-07-13 17:24:26 ----D---- C:\Windows\system32\catroot
2011-07-10 20:20:28 ----D---- C:\ProgramData\CanonIJPLM
2011-07-05 20:15:51 ----D---- C:\Windows\system32\Tasks
2011-07-05 20:15:42 ----D---- C:\Program Files (x86)\Common Files
2011-07-01 11:11:40 ----D---- C:\Windows\Microsoft.NET
2011-07-01 11:11:39 ----RSD---- C:\Windows\assembly
2011-06-30 16:03:37 ----D---- C:\Program Files (x86)\ICQ7.5
2011-06-30 15:23:51 ----D---- C:\Program Files (x86)\Adobe
2011-06-30 15:20:40 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-30 15:20:39 ----RSD---- C:\Windows\Fonts
2011-06-30 15:20:39 ----D---- C:\Program Files\Internet Explorer
2011-06-30 14:24:56 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-28 254528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-03-28 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-03-28 107832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-05-22 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-04-10 651720]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-20 1255736]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus

#2 Post by vyosek »

Hello, and I wish you a pleasant evening :)

:arrow: Please also post the second RSIT log, named info.txt; it is saved in c:\rsit
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member of [image] since 1 February 2011.

GIGN1987
Visitor
Posts: 12
Registered: 24 Jul 2011 19:48

Re: Virus

#3 Post by GIGN1987 »

Here it is. I wish you a pleasant evening too, and thank you for the quick reply.
info.txt logfile of random's system information tool 1.09 2011-07-24 20:42:32

======Uninstall list======

-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9 Pro Extended 64-bit Add-On-->MsiExec.exe /I{AC76BA86-1033-0000-0064-0003D0000004}
Adobe Acrobat 9.4.5 - CPSID_83708-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Audition 3.0 Vista Compatibility-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb"
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Creative Suite 5 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}
Adobe Reader X (10.1.0) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
Aktualizácie NVIDIA 1.3.5-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
APB Reloaded-->"E:\Hry\GamersFirst\APB Reloaded\Uninstall.exe"
Call of Duty: Black Ops-->"E:\Hry\Call of Duty - Black Ops\unins000.exe"
Canon MP Navigator EX 2.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 2.0\uninst.ini
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini
CanoScan LiDE 100 Scanner Driver-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413 /L0x0005
Command & Conquer Generals-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Compiled Driver Disk (Android) 0.99-->"C:\Program Files (x86)\MOBILedit!\Compiled Driver Disk (Android)\Setup\unins000.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Emergency 2012-->"E:\Hry\Emergency 2012\uninstall.exe"
GamersFirst LIVE!-->"C:\Program Files (x86)\GamersFirst\LIVE!\uninstall.exe"
Genie Mail Backup 8.0-->"C:\Program Files (x86)\Genie-Soft\GenieMailbackup\unins000.exe"
GRID-->"C:\Program Files (x86)\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
GTA San Andreas-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Homefront v 1.0-->"E:\Hry\Homefront\Uninstall\unins000.exe"
ICQ7.5-->"C:\Program Files (x86)\InstallShield Installation Information\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Knoll Light Factory EZ Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\klfezstudio.log
Magic Bullet Looks Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\mblooksstudio15.log
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
MOBILedit! Support Libraries-->MsiExec.exe /I{1A834332-A9EE-440C-9505-2D07F445F05A}
MOBILedit! ver. 5.0.0.983-->"C:\Program Files (x86)\MOBILedit!\Setup\unins000.exe"
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Grafický ovládač 275.33-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
OpenAL-->"C:\Program Files (x86)\OpenAL\OalinstGridRelease.exe" /U
Ovladače videa společnosti Pinnacle-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe
Pinnacle Studio 15 Ultimate Collection Plugins-->MsiExec.exe /I{BC7BED89-618B-4E89-8ADF-75D47F276223}
Pinnacle Studio 15-->MsiExec.exe /I{1362E602-9625-42D3-B57F-CDA9D26F9DA8}
Pinnacle Studio Bonus Content-->MsiExec.exe /I{FC030CB5-46A6-4229-AD6E-0AC869F509C8}
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
PSPad editor-->"C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}
Rainmeter-->"C:\Program Files\Rainmeter\uninst.exe"
RAR Password Cracker 4.12-->C:\Program Files (x86)\RAR Password Cracker\uninstall.exe
Red Giant ToonIt Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\rgtoonitstudio.log
RIP Vinyl Demo-->MsiExec.exe /X{E7F2912D-096A-4350-9010-F8B682BC5592}
RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
SureThing Express Labeler-->"C:\Program Files (x86)\SureThing Express Labeler\unins000.exe"
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files (x86)\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Trapcode 3DStroke Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\tc3dstrokestudio.log
Trapcode Particular Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\tcparticularstudio.log
Trapcode Shine Studio 15-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 15\Plugins\RTFx\tcshinestudio.log
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
VLC media player 1.1.9-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR 4.00 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
YoWindow-->"C:\Program Files (x86)\YoWindow\uninstall.exe"

======Hosts File======

127.0.0.1 activate.adobe.com

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus

#4 Post by vyosek »

:arrow: Please do not put logs inside Quote tags

:arrow: I assume your ESET NOD32 is legal, i.e. a purchased licence :???:
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids merriment, take a whip and a stick to him: that is no man, that is an ox."
Member of [image] since 1 February 2011.

GIGN1987
Visitor
Posts: 12
Registered: 24 Jul 2011 19:48

Re: Virus

#5 Post by GIGN1987 »

At the moment it's a temporary licence that is not legal; I got it from a friend, because the original one, which came as a gift from the PC shop, was blocked. I don't use programs for finding out serial numbers, and I plan to buy a proper licence in the near future.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus

#6 Post by vyosek »

GIGN1987 wrote: At the moment it's a temporary licence that is not legal
However, under the forum rules (see here and here, point no. 3) we do not deal with illegal software, because illegal programs are usually a source of malware. On top of that you are infringing copyright and committing a criminal offence, which as such will not be supported by our forum. Keep in mind that you are on a security forum - supporting warez (especially of security programs) would go entirely against the logic of the forum :!:
So get legal protection for your PC (an antivirus), then post a new log from RSIT and from CKScanner here - see below.

Personally I recommend Avast, Avira or MSE. You will find an overview of antivirus programs HERE.

:arrow: Log from RSIT - see my signature
:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here for me

GIGN1987
Visitor
Posts: 12
Registered: 24 Jul 2011 19:48

Re: Virus

#7 Post by GIGN1987 »

Understood, tomorrow I'll post a new log here with a legal ESET licence.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus

#8 Post by vyosek »

And how will you get one that quickly, may I ask :???: :o

I wrote something about a free solution, and honestly - Avast in its version 6 is far better than the paid NOD :wink:

GIGN1987
Visitor
Posts: 12
Registered: 24 Jul 2011 19:48

Re: Virus

#9 Post by GIGN1987 »

I'll simply go and buy it and install it, no?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus

#10 Post by vyosek »

Well, you can, but as I wrote, it is a needless expense - if you are going to pay, then buy the NIS or KIS suite.

GIGN1987
Visitor
Posts: 12
Registered: 24 Jul 2011 19:48

Re: Virus

#11 Post by GIGN1987 »

I'll still decide; here is the next log.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\sniperescape-levelend.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\sniperescape-save_now.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-1.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-2.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-3.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-4.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-5.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-6.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-7.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-8.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-9.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault-levelend.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_assault.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-1.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-10.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-11.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-13.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-15.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-2.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-3.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-4.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-5.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-6.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-8.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-9.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\autosave\village_defend-levelend.svg
c:\users\public\cod4\crack, other\full save\players\profiles\jerri7\mods\pezbot\mpdata
c:\users\public\cod4\crack, other\keygen\rzr-cod4.exe
c:\users\public\documents\pinnacle\content\hollywoodfx\effects\65 - patriotic\firecracker.hfx
c:\users\public\documents\pinnacle\content\hollywoodfx\effects\70 - foods\crackers.hfx
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\food\cracker.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bam.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker bottom.hfo
c:\users\public\documents\pinnacle\content\hollywoodfx\objects\patriotic\firecracker top.hfo
c:\users\public\r6\patche+lan+cz+crack+save\tom clancy rainbow six vegas 2 multiplayer toolkit - segmentnext.url
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\rainbow_six_vegas_2_1.01.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\rainbow_six_vegas_2_1.02.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\rainbow_six_vegas_2_1.03.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data1.cab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data1.hdr
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data2.cab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\issetup.dll
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\layout.bin
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\setup.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\setup.ini
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\_setup.dll
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\binaries\activemark_efigs\r6vegas2_game.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\binaries\safedisk_efigs\r6vegas2_game.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\binaries\safedisk_pol\r6vegas2_game.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\binaries\safedisk_rus\r6vegas2_game.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\binaries\atimgpud.dll
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\binaries\dare.ini
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\binaries\r6vegas2res2.dll
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\binaries\r6vegasserverlaunch.bat
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\binaries\rainbowsixvegas2_sads.exe
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\binaries\wxmsw262u.dll
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\config\pckellerengine.ini
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\config\pc\agoraconfigwin32.xml
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\config\pc\agorastatistics_en-us.xml
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\config\pc\pcengine.ini
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\config\pc\r6vegasserverconfig.ini
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\mp_pec.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\mp_pec.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\mp_rsmenus.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\mp_rsmenus.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\pause.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\pause.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\settings.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\settings.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\mp_pec.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\mp_pec.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\mp_rsmenus.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\mp_rsmenus.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\pause.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\pause.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\settings.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcfullscreen\eng\settings.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\mp_pec.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\mp_pec.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\mp_rsmenus.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\mp_rsmenus.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\pause.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\pause.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\settings.mgb
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\menus\localization\pcwidescreen\eng\settings.mgm
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\noautosync\readme.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\packages\_readme.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\packages\editor\loading.max
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\packages\template\temp.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\french.usr
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\french.vnn
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\french.xvocab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\german.usr
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\german.vnn
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\german.xvocab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\italian.usr
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\italian.vnn
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\italian.xvocab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\japanese.usr
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\japanese.vnn
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\japanese.xvocab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\spanish.usr
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\spanish.vnn
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\spanish.xvocab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\usenglish.usr
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\usenglish.vnn
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\content\voicerecognition\usenglish.xvocab
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\cookedpc\core.uppc
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\cookedpc\engine.uppc
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\cookedpc\ipdrv.uppc
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\cookedpc\keller.uppc
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\cookedpc\r6game.uppc
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\cookedpc\mapsdlc\dlc_murdertown_2\dlc_murdertown_2.ini
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\cookedpc\mapsdlc\dlc_training_02\dlc_training_02.ini
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\deu\r6menus.deu
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\esp\r6menus.esp
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\fra\r6menus.fra
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\int\r6menus.int
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\ita\r6menus.ita
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\00_flyby_01innear.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\00_flyby_02innear.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\00_flyby_03innear.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\00_flyby_04innear.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\00_flyby_05innear.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\00_flyby_06innear.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\01_oldvegas_02b.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\01_oldvegas_05.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\01_oldvegas_06.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\01_oldvegas_draft.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\02_lvu_01b.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\02_lvu_03.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\02_lvu_03b.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\03_convention_02a.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\03_convention_03.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\03_convention_03a.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\04_theatre_01load.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\04_theatre_02.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\04_theatre_02a.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\04_theatre_03a.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\05_desert_01b.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\05_desert_02b.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\06_estate_01b.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\06_estate_02.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\0t_picdumidi_01.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\0t_picdumidi_02.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\demo_lvu_04.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\demo_theatre_04.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\loading.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb01_import.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb02_dantes_01.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb03_neon_01.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb04_oil.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb05_chinese.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb06_trainyard.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb07_penthouse_01.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb08_conven_01.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb10_training_01.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb11_streets_01_linkapp.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb12_killhouse.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb13_presidio.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb14_convent_mlg.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\mb_09_murdertown.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\pec_hq_map.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\r6game.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\r6hud.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\r6menus.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\r6objective.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\pol\r6tutorial.pol
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\rus\loading.rus
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\rus\r6game.rus
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\rus\r6hud.rus
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\rus\r6menus.rus
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\localization\rus\r6tutorial.rus
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\startup\ersb_pol.bik
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\startup\localizehostloading.bik
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\startup\localizeloading.bik
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\startup\localizeloadpecasset.bik
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\data\kellergame\startup\localizewaitinghost.bik
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\english\patchnotes.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\english\patchnotes.txt.bak
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\french\patchnotes.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\german\patchnotes.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\italian\patchnotes.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\polish\patchnotes.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\russian\patchnotes.txt
c:\users\public\r6\patche+lan+cz+crack+save\1. patche\stare\doc\patchnotes\spanish\patchnotes.txt
c:\users\public\r6\patche+lan+cz+crack+save\2.crack\r6vegas2_game.exe
c:\users\public\r6\patche+lan+cz+crack+save\3.cestina\tom clancy's rainbow six vegas 2 cz 1.31.exe
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\binares (aspon toto ked nic ine nejde, nakopiruj do zlozky a prepis).rar
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\pbsetup.exe
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\r6vegasserverlaunch.bat
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community.htm
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\8b83ca36472af5eba6f225694cd24448
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\adbox_content.js
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\cd0b269ce36275b1def6533ae509d7e4
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\d79e79b6bdc0915a116e843fab3ed653
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\ga.js
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\index(1).php
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\index(2).php
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\index.php
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\lang-sql.js
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\lightbox.js
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\prettify.js
c:\users\public\r6\patche+lan+cz+crack+save\4.pre lan\stránka+navod\rainbow six vegas 2 dedicated server tutorial - tunngle community_files\show_ads.js
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\guest1.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\profile3.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\r6gameconfig.bin
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\r6_customheadpec_customhead
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\r6_equipequipmenttemplate
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\r6_savecheckpoint
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\customhead_tmp\player_6fe80c7c_b742c547.tmp
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\customhead_tmp\player_b7075054_fc8bd081.tmp
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\my jerri7\customhead_tmp\player_bdec7f15_fc8bd081.tmp
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\guest1.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\profile1.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\profile2.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\profile3.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\r6gameconfig.bin
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\r6_customheadpec_customhead
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\r6_equipequipmenttemplate
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\r6_savecheckpoint
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\customhead_tmp\player_6fe80c7c_b742c547.tmp
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\r6vegas2\customhead_tmp\player_b7075054_fc8bd081.tmp
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\unlock\profile1.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\unlock\profile2.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\unlock\profile3.dat
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\unlock\r6gameconfig.bin
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\unlock\r6_customheadpec_customhead
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\unlock\r6_equipequipmenttemplate
c:\users\public\r6\patche+lan+cz+crack+save\save jerri7\unlock\r6_savecheckpoint
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\mafia2.exe
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\skidrow.nfo
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\steamclient.dll
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\steam_appid.txt
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\content
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\cars\roller.sds
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\cars\roller_z.sds
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\cars\trautenberg_grande.sds
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\cars\trautenberg_grande_z.sds
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\player\vitsuit.sds
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\player\vittux.sds
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\wardrobe\vitsuit_coat.sds
c:\users\stanislav Čukan\desktop\fs\mafia.ii-skidrow\mafia.ii.crackfix-skidrow\dlcs\cnt_made_man\sds\wardrobe\vittux_coat.sds
c:\users\stanislav Čukan\desktop\office\cracks.7z
c:\users\stanislav Čukan\desktop\sce\crack\stronghold crusader.exe
c:\users\stanislav Čukan\desktop\sce\crack\stronghold_crusader_extreme.exe
c:\users\stanislav Čukan\documents\icq\365574945\receivedfiles\379000110 jerri7\hdsentinel cracket-mesmerize.rar
c:\users\stanislav Čukan\downloads\telefonedit!v5.0.0.983+crack.rar
c:\users\stanislav Čukan\downloads\[czt]adobe_audition_v_3_0_cz_crack.torrent
c:\users\stanislav Čukan\downloads\adobe audition v.3.0+cz+crack\adobe.audition.v3.0+cz+crack.rar
c:\users\stanislav Čukan\downloads\assassin creed brotherhood crack for multiplayer skidrow -- service\ac_br_mp-skdr.rar
c:\users\stanislav Čukan\downloads\assassin creed brotherhood crack for multiplayer skidrow -- service\ac_br_mp-skdr.zip
c:\users\stanislav Čukan\downloads\assassin creed brotherhood crack for multiplayer skidrow -- service\password.txt
c:\users\stanislav Čukan\downloads\new windows 7 activator [2010] [blaze69]\new windows 7 activator [2010]\removewat.exe
c:\users\stanislav Čukan\downloads\sr-tcsccmc-mbb\tom.clancys.splinter.cell.conviction.multiplayer.crack-skidrow\conviction_game.exe
c:\users\stanislav Čukan\downloads\sr-tcsccmc-mbb\tom.clancys.splinter.cell.conviction.multiplayer.crack-skidrow\fun video other.txt
c:\users\stanislav Čukan\downloads\sr-tcsccmc-mbb\tom.clancys.splinter.cell.conviction.multiplayer.crack-skidrow\skidrow.ini
c:\users\stanislav Čukan\downloads\sr-tcsccmc-mbb\tom.clancys.splinter.cell.conviction.multiplayer.crack-skidrow\skidrow.nfo
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.ZZ.11.PIAPSB
----- EOF -----
Last edited by vyosek on 24 Jul 2011 21:26, edited 1 time in total.
Reason: post locked

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus

#12 Post by vyosek »

I suppose there's no point in commenting on the cracks, is there :?:

So I'll wait for the free security software and a log from RSIT
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member [image] since 1 February 2011.

GIGN1987
Visitor
Posts: 12
Joined: 24 Jul 2011 19:48

Re: Virus

#13 Post by GIGN1987 »

So I installed avast, removed Eset, and ran a boot-time scan. After roughly 4 hours of scanning, three viruses were found and moved. The good news is that the PC no longer shows "Program To6m5W8F has stopped working", but Task Manager still does not work.

Here is the new log from RSIT:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Stanislav Čukan at 2011-07-25 19:52:15
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 436 GB (71%) free of 610 GB
Total RAM: 4094 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:20, on 25. 7. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Stanislav Čukan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stanislav Čukan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null] file:///C:/Users/Stanislav Čukan/Documents/Rainmeter/Skins/rainmeter by Alex/Installer_Must_Run_First.exe
O4 - HKCU\..\Run: [Microsoft] file:///C:/Users/Stanislav Čukan/Documents/Rainmeter/Skins/rainmeter by Alex/Installer_Must_Run_First.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Stanislav Čukan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-909896920-3555253570-2769916010-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-909896920-3555253570-2769916010-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{240C1E90-8F4D-4937-8AA8-563B09FF9BE4}: NameServer = 208.67.220.220,208.67.220.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{240C1E90-8F4D-4937-8AA8-563B09FF9BE4}: NameServer = 208.67.220.220,208.67.220.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{240C1E90-8F4D-4937-8AA8-563B09FF9BE4}: NameServer = 208.67.220.220,208.67.220.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12830 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-de5bb046-0044-4244-84e8-9727581c84ed -SystemEventPortName:HostProcess-12f4fdd3-53b5-4a86-b843-15af50e68dbd -IoCancelEventPortName:HostProcess-48ad22ce-4e07-4882-acb4-1d0504f44c76 -NonStateChangingEventPortName:HostProcess-cfde3d83-44c2-4b96-94d8-233d2f44e004 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3c8dd838-3e8e-4296-a47f-7fbddf425428
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Users\Stanislav Čukan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe" /crashhandler
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FA29E8.271627172 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.04034980.2113210074 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.04034E88.654362836 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.04038058.453461437 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.04038560.712065175 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.04038A68.1431651014 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.04038F70.418868962 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.04039478.492901840 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAEAD0.1209273204 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAEC58.1178871628 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAEDE0.68410820 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAEF68.592756076 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAF0F0.158708464 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAF278.420030361 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAF400.1186561453 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FAF588.855164522 /prefetch:3 --ignored=" --type=renderer "
C:\Windows\system32\rundll32.exe "C:\Users\STANIS~1\AppData\Local\Google\Chrome\APPLIC~1\120742~1.122\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll" --lang=sk --channel=3708.0A88C690.1719788591 /prefetch:4 --flash-broker=3100
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --disable-client-side-phishing-detection --lang=sk --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FB01C8.1561083365 /prefetch:3 --ignored=" --type=renderer "
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel=3708.0A7AA700.1332826287 /prefetch:12
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=sk --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FB07E8.408005774 /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-909896920-3555253570-2769916010-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-909896920-3555253570-2769916010-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 612 616 624 65536 620
"C:\Users\Stanislav Čukan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=sk --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WebSocketExperiment/default/ --channel=3708.03FB0350.1221684517 /prefetch:3
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Stanislav Čukan\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-909896920-3555253570-2769916010-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-909896920-3555253570-2769916010-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-07-04 978496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-04-22 500208]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Stanislav Čukan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 136176]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"worm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null"=file:///C:/Users/Stanislav Čukan/Documents/Rainmeter/Skins/rainmeter by Alex/Installer_Must_Run_First.exe []
"Microsoft"=file:///C:/Users/Stanislav Čukan/Documents/Rainmeter/Skins/rainmeter by Alex/Installer_Must_Run_First.exe []
"googletalk"=C:\Users\Stanislav Čukan\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-07-23 2937528]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-06-07 40376]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamersFirst LIVE!.lnk - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="acaptuser64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 275360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-25 16:50:36 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-07-25 16:50:35 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-07-25 16:50:32 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-07-25 16:50:32 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-07-25 16:50:30 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-07-25 16:50:27 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-07-25 16:50:27 ----A---- C:\Windows\system32\aswBoot.exe
2011-07-25 16:50:07 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2011-07-25 16:50:07 ----A---- C:\Windows\avastSS.scr
2011-07-25 16:50:02 ----D---- C:\ProgramData\AVAST Software
2011-07-25 16:50:02 ----D---- C:\Program Files\AVAST Software
2011-07-24 20:42:23 ----D---- C:\Program Files\trend micro
2011-07-24 20:42:22 ----D---- C:\rsit
2011-07-23 18:23:57 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Mozilla
2011-07-23 17:12:43 ----D---- C:\ProgramData\PMB Files
2011-07-23 17:12:40 ----D---- C:\Program Files (x86)\Pando Networks
2011-07-23 17:12:24 ----D---- C:\Program Files (x86)\GamersFirst
2011-07-18 18:11:39 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Google
2011-07-17 10:33:27 ----D---- C:\android
2011-07-14 23:05:24 ----D---- C:\ProgramData\Genie-Soft
2011-07-14 23:04:09 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Genie-Soft
2011-07-14 23:04:03 ----D---- C:\Program Files (x86)\Genie-Soft
2011-07-13 17:25:03 ----A---- C:\Windows\system32\nvsvcr.dll
2011-07-13 17:25:03 ----A---- C:\Windows\system32\easyupdatusapiu64.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 16:55:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 16:55:31 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 16:55:31 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 16:55:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 16:55:29 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 16:55:24 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 16:55:23 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 16:55:23 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 16:55:23 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 16:55:23 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 16:55:23 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 16:55:22 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 16:55:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 16:55:22 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 16:55:21 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-13 16:55:19 ----A---- C:\Windows\system32\win32k.sys
2011-07-06 22:47:11 ----D---- C:\Program Files (x86)\Wieser Software Ltd
2011-07-05 20:00:08 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Rainmeter
2011-07-05 19:59:55 ----D---- C:\Program Files\Rainmeter
2011-07-01 08:50:57 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2011-07-01 08:49:58 ----A---- C:\Windows\SYSWOW64\acaptuser32.dll
2011-06-30 14:32:58 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-06-30 14:32:58 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-30 14:32:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-06-30 14:32:57 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-06-30 14:32:57 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-06-30 14:32:57 ----A---- C:\Windows\system32\jscript9.dll
2011-06-30 14:32:57 ----A---- C:\Windows\system32\ieui.dll
2011-06-30 14:32:57 ----A---- C:\Windows\system32\iertutil.dll
2011-06-30 14:32:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-06-30 14:32:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-06-30 14:32:56 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-06-30 14:32:56 ----A---- C:\Windows\system32\urlmon.dll
2011-06-30 14:32:56 ----A---- C:\Windows\system32\jscript.dll
2011-06-30 14:32:54 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-06-30 14:32:54 ----A---- C:\Windows\system32\mshtml.dll
2011-06-30 14:32:53 ----A---- C:\Windows\system32\ieframe.dll
2011-06-30 14:24:57 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-06-30 14:24:57 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-06-30 14:24:57 ----A---- C:\Windows\SYSWOW64\java.exe
2011-06-30 14:23:01 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-30 14:23:01 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-30 14:22:59 ----A---- C:\Windows\system32\tquery.dll
2011-06-30 14:22:59 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-30 14:22:59 ----A---- C:\Windows\system32\mssrch.dll
2011-06-30 14:22:58 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-30 14:22:58 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-30 14:22:58 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-30 14:22:57 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-30 14:22:57 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-30 14:22:57 ----A---- C:\Windows\system32\mssvp.dll
2011-06-30 14:22:57 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-30 14:22:57 ----A---- C:\Windows\system32\mssph.dll
2011-06-30 14:22:56 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-30 14:22:56 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-30 14:22:56 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-30 14:22:56 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-30 14:22:52 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-30 14:22:52 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-30 14:22:52 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-30 14:22:51 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-30 14:22:51 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-30 14:22:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-30 14:22:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-30 14:22:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-30 14:22:44 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-06-30 14:22:44 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-30 14:22:43 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-06-30 14:22:43 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-30 14:22:40 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-30 14:22:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-30 14:22:40 ----A---- C:\Windows\system32\drivers\srv.sys

======List of files/folders modified in the last 1 month======

2011-07-25 19:52:17 ----D---- C:\Windows\Temp
2011-07-25 19:48:36 ----D---- C:\Windows\Prefetch
2011-07-25 19:46:45 ----D---- C:\Windows\system32\config
2011-07-25 19:35:12 ----D---- C:\Windows\System32
2011-07-25 19:35:12 ----D---- C:\Windows\inf
2011-07-25 19:35:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-25 17:39:36 ----D---- C:\Windows\Tasks
2011-07-25 17:39:36 ----D---- C:\Windows\system32\wfp
2011-07-25 17:39:36 ----D---- C:\Windows\system32\wbem
2011-07-25 17:39:36 ----D---- C:\Windows\system32\drivers\etc
2011-07-25 17:39:35 ----D---- C:\Windows\system32\CodeIntegrity
2011-07-25 17:39:35 ----D---- C:\Windows\AppCompat
2011-07-25 17:39:33 ----D---- C:\Windows\registration
2011-07-25 17:17:11 ----HD---- C:\ProgramData
2011-07-25 17:13:05 ----D---- C:\Program Files (x86)\MOBILedit!
2011-07-25 17:11:33 ----D---- C:\Program Files (x86)\Common Files
2011-07-25 16:50:36 ----D---- C:\Windows\system32\drivers
2011-07-25 16:50:27 ----D---- C:\Windows\SysWOW64
2011-07-25 16:50:26 ----SHD---- C:\Windows\Installer
2011-07-25 16:50:21 ----D---- C:\Windows\winsxs
2011-07-25 16:50:07 ----D---- C:\Windows
2011-07-25 16:50:02 ----SHD---- C:\System Volume Information
2011-07-25 16:50:02 ----RD---- C:\Program Files
2011-07-25 16:48:53 ----D---- C:\Windows\system32\catroot2
2011-07-25 16:47:24 ----D---- C:\Windows\system32\DriverStore
2011-07-25 16:47:24 ----D---- C:\Windows\system32\catroot
2011-07-24 18:12:41 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\ICQ
2011-07-23 17:12:40 ----RD---- C:\Program Files (x86)
2011-07-23 12:53:36 ----RD---- C:\Users
2011-07-23 09:26:13 ----D---- C:\Windows\system32\LogFiles
2011-07-18 18:12:49 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\Skype
2011-07-18 18:08:48 ----D---- C:\ProgramData\Easybits GO
2011-07-18 17:48:48 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\go
2011-07-17 20:19:11 ----D---- C:\ProgramData\Skype Extras
2011-07-14 23:32:53 ----D---- C:\Users\Stanislav Čukan\AppData\Roaming\uTorrent
2011-07-13 17:27:46 ----D---- C:\Windows\AppPatch
2011-07-13 17:26:17 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 17:25:43 ----D---- C:\ProgramData\NVIDIA
2011-07-13 17:25:09 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-07-13 17:25:08 ----D---- C:\Program Files\NVIDIA Corporation
2011-07-10 20:20:28 ----D---- C:\ProgramData\CanonIJPLM
2011-07-05 20:15:51 ----D---- C:\Windows\system32\Tasks
2011-07-01 11:11:40 ----D---- C:\Windows\Microsoft.NET
2011-07-01 11:11:39 ----RSD---- C:\Windows\assembly
2011-06-30 16:03:37 ----D---- C:\Program Files (x86)\ICQ7.5
2011-06-30 15:23:51 ----D---- C:\Program Files (x86)\Adobe
2011-06-30 15:20:40 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-30 15:20:39 ----RSD---- C:\Windows\Fonts
2011-06-30 15:20:39 ----D---- C:\Program Files\Internet Explorer
2011-06-30 14:24:56 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 31064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 600920]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 288088]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 45400]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-28 254528]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 22360]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-03-28 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-03-28 107832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-05-22 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-04-10 651720]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-20 1255736]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus

#14 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Czech UI: Spustit jako spravce)
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and any restart, CF displays a log; you can also find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

GIGN1987
Guest
Posts: 12
Joined: 24 Jul 2011 19:48

Re: Virus

#15 Post by GIGN1987 »

ComboFix 11-07-25.02 - Stanislav Čukan . 07. 2011 20:10:45.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.4094.2819 [GMT 2:00]
Running from: c:\users\Stanislav Lukan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 18:15 . 2011-07-25 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 18:09 . 2011-07-25 18:09 -------- d-----w- C:\32788R22FWJFW
2011-07-25 14:50 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 14:50 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 14:50 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 14:50 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 14:50 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 14:50 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 14:50 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 14:50 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 14:50 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-25 14:50 . 2011-07-25 14:50 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 14:50 . 2011-07-25 14:50 -------- d-----w- c:\program files\AVAST Software
2011-07-25 14:42 . 2011-07-20 07:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{752CB191-A106-4E89-B666-FC8F8AD74CAB}\mpengine.dll
2011-07-24 18:42 . 2011-07-25 17:52 -------- d-----w- c:\program files\trend micro
2011-07-24 18:42 . 2011-07-24 18:42 -------- d-----w- C:\rsit
2011-07-23 15:26 . 2011-07-23 15:26 -------- d-----w- c:\users\Stanislav Čukan\AppData\Local\PunkBuster
2011-07-23 15:12 . 2011-07-23 15:12 -------- d-----w- c:\users\Stanislav Čukan\AppData\Local\GamersFirst LIVE!
2011-07-23 15:12 . 2011-07-25 18:15 -------- d-----w- c:\users\Stanislav Čukan\AppData\Local\PMB Files
2011-07-23 15:12 . 2011-07-25 15:39 -------- d-----w- c:\programdata\PMB Files
2011-07-23 15:12 . 2011-07-23 15:12 -------- d-----w- c:\program files (x86)\Pando Networks
2011-07-23 15:12 . 2011-07-23 15:12 -------- d-----w- c:\program files (x86)\GamersFirst
2011-07-17 08:33 . 2011-07-17 09:10 -------- d-----w- c:\users\Stanislav Čukan\.android
2011-07-17 08:33 . 2011-07-17 09:09 -------- d-----w- C:\android
2011-07-14 21:05 . 2011-07-14 21:05 -------- d-----w- c:\programdata\Genie-Soft
2011-07-14 21:04 . 2011-07-14 21:04 -------- d-----w- c:\users\Stanislav Čukan\AppData\Roaming\Genie-Soft
2011-07-14 21:04 . 2011-07-14 21:04 -------- d-----w- c:\program files (x86)\Genie-Soft
2011-07-13 15:25 . 2011-07-25 14:43 -------- d-----w- c:\users\UpdatusUser
2011-07-13 15:25 . 2011-05-21 04:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-07-13 15:25 . 2011-05-21 04:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-07-06 20:47 . 2011-07-06 20:47 -------- d-----w- c:\program files (x86)\Wieser Software Ltd
2011-07-05 18:00 . 2011-07-25 15:39 -------- d-----w- c:\users\Stanislav Čukan\AppData\Roaming\Rainmeter
2011-07-05 17:59 . 2011-07-05 17:59 -------- d-----w- c:\program files\Rainmeter
2011-07-01 06:50 . 2009-08-19 21:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-07-01 06:49 . 2010-09-22 16:47 112056 ----a-w- c:\windows\SysWow64\acaptuser32.dll
2011-06-30 12:25 . 2011-06-30 12:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-30 12:23 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-30 12:23 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 17:34 . 2011-05-17 15:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 14:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2011-03-20 17:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 04:01 . 2011-05-21 04:01 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-21 04:01 . 2011-05-21 04:01 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-21 04:01 . 2011-05-21 04:01 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-21 04:01 . 2011-05-21 04:01 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-21 04:01 . 2011-05-21 04:01 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-21 04:01 . 2011-05-21 04:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-21 04:01 . 2011-05-21 04:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-21 04:01 . 2011-05-21 04:01 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2011-05-21 04:01 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-21 04:01 . 2010-07-10 04:38 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-21 04:01 . 2010-07-10 04:38 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-21 04:01 . 2010-07-09 15:27 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-07-09 15:27 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-21 04:01 . 2010-07-09 15:27 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-21 04:01 . 2010-07-09 15:27 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-07-09 15:27 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-04 02:52 . 2011-03-30 19:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"googletalk"="c:\users\Stanislav Čukan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-23 2937528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2010-10-8 2845552]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-04-22 500208]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{240C1E90-8F4D-4937-8AA8-563B09FF9BE4}: NameServer = 208.67.220.220,208.67.220.200
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2011-07-25 20:21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 18:21
.
Pre-Run: 456 945 192 960 bytes free
Post-Run: 457 392 926 720 bytes free
.
- - End Of File - - 534EA89364D4A944C62B5E502F2987D4
Last edited by GIGN1987 on 25 Jul 2011 19:56; edited 3 times in total.
